[Security] S2S Leap of faith w/ SASL EXTERNAL

Matthew Wild mwild1 at gmail.com
Thu Nov 18 17:22:54 CST 2010

On 18 November 2010 23:07, David Banes <david at banes.org> wrote:
> Cisco should sponsor/host it...

A lonely picture of Dave hanging on some wall in the Cisco offices? I
can see it now...


The problem I see with this is - when the admin changes the certs
(e.g. they expire) - what next? We just blindly trust the new certs
after dialback? Isn't there a risk that the MITM comes along, offers a
new cert, and intercepts the dialback verifications and acks it?

In SSH at least you get notified (quite loudly) that the server
fingerprint has changed.
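The SSH-style behaviour described above, as an added example that is not part of the original thread: a pin store that records a remote server's certificate fingerprint on first contact and flags a later change instead of silently trusting the new cert. The domain, the certificate bytes and the in-memory store are constructed stand-ins.

```python
import hashlib
from typing import Dict, Tuple

# Hypothetical pin store: remote domain -> SHA-256 fingerprint of the DER
# certificate first seen for that domain. A real deployment would persist it.
PinStore = Dict[str, str]


def fingerprint(cert_der: bytes) -> str:
    """Colon-separated SHA-256 fingerprint of a DER-encoded certificate."""
    digest = hashlib.sha256(cert_der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def check_pin(store: PinStore, domain: str, cert_der: bytes) -> Tuple[str, str]:
    """Leap-of-faith check for a remote server's certificate.

    Returns (verdict, fingerprint), where verdict is one of:
      "first-seen" - no pin yet; the fingerprint is recorded (the leap of faith)
      "match"      - same certificate as before; trust continues
      "changed"    - different certificate; it is NOT re-pinned automatically,
                     so a swapped cert surfaces loudly instead of being accepted
    """
    fp = fingerprint(cert_der)
    pinned = store.get(domain)
    if pinned is None:
        store[domain] = fp
        return "first-seen", fp
    if pinned == fp:
        return "match", fp
    return "changed", fp


def admin_repin(store: PinStore, domain: str, cert_der: bytes) -> str:
    """Explicit operator action to accept a rotated (e.g. expired) certificate."""
    fp = fingerprint(cert_der)
    store[domain] = fp
    return fp


if __name__ == "__main__":
    # Constructed stand-ins for DER certificates, not real certificates.
    old_cert = b"constructed-cert-example.net-2010"
    new_cert = b"constructed-cert-example.net-2011"
    store: PinStore = {}
    print(check_pin(store, "example.net", old_cert)[0])  # first-seen
    print(check_pin(store, "example.net", old_cert)[0])  # match
    print(check_pin(store, "example.net", new_cert)[0])  # changed
```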

