[Standards-JIG] Deprecating DialBack w/ new CA
jd.conley at coversant.net
Tue Jan 9 19:06:38 UTC 2007
My vote is to keep it around indefinitely. It fosters federation without
the headaches of key/cert management. Even with the JSF being a cert
authority you still have to request the certs, which is a manual and
tedious process requiring some sort of out-of-band validation - email,
etc. TLS (untrusted) + DNS (for trust) + Dialback is good enough
security for 99% of the people out there.
From: standards-jig-bounces at jabber.org
[mailto:standards-jig-bounces at jabber.org] On Behalf Of Chris Mullins
Sent: Tuesday, January 09, 2007 10:44 AM
To: standards-jig at jabber.org
Subject: [Standards-JIG] Deprecating DialBack w/ new CA
As Peter moves forward with the BIS version of the RFCs, I'm wondering
if we should finally punt on dialback. The reason it's been kept around
so long is that self-signed certs aren't sufficient security, and adding
in the DNS layer helps out with that.
Now that we've got a CA, and certs are practical for all, this reason
doesn't hold as much weight as it used to.
Anyone other than me in favor of seeing dialback die off in 2007?