[Standards-JIG] stream:error for dialback with no SASL support

Matthias Wimmer m at tthias.net
Sat Jul 24 18:33:50 UTC 2004


Hi David!

David Waite wrote on 2004-07-24 12:06:36:
> What does TLS mean without authentication? The idea is to use trusted
> certificates in order to authenticate (hopefully bidirectionally) with
> the other server. I guess I don't see what dialback provides if you
> are using certificates for authentication.

If there is a trusted certificate I do not need Dialback, that's true
... but I do not want to restrict TLS to only accept trusted
certificates (but the admin might request so by configuring the server
to only accept trusted certs).

In my opinion STARTTLS without trusted certs is still useful as it
protects the connection from passive attacks.


See you
    Matthias

-- 
Fon: +49-(0)70 0770 07770       http://web.amessage.info
HAM: DB1MW                      xmpp:mawis at amessage.info