[Standards] RFC 3920, 10.2/10.3: subdomain routing rules
stpeter at jabber.org
Thu Mar 29 20:34:47 UTC 2007
Dave Cridland wrote:
> On Thu Mar 29 14:13:15 2007, Matthias Wimmer wrote:
>> To enforce authentication of the receiving server we would have to
>> disable dialback and require trusted certificates.
> The problem is you have to essentially mandate a list of CAs, as I
> understand things.
Well, we do have a CA: https://www.xmpp.net/ :)
> Or, you can use leap-of-faith TLS in combination with
> dialback, and at the least heavily reduce the attack's practical benefit.
> Leap-of-faith TLS is basically where you assume that the certificate is
> correct the first time, and you assume that a change - if the new
> certificate is still not verifiable - is a spoof. It's not perfect, but
> since people rarely want to intercept data from servers which have never
> been used before, it's quite practical.
I agree with Matthias that leap-of-faith may not be practical for
XMPP Standards Foundation
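As an added illustration (not code from this thread or from any XMPP server), the leap-of-faith policy Dave describes can be modelled as a small per-domain pin store: trust the first certificate seen, accept a changed certificate only if it now chains to a trusted CA, and flag a changed-but-still-unverifiable certificate as a suspected spoof. The domain names, certificate bytes and the `verifiable` flag are constructed inputs; the dialback half of his proposal is not modelled here.

```python
import hashlib
from dataclasses import dataclass, field


@dataclass
class LeapOfFaithStore:
    """Remembers the first certificate fingerprint seen per remote domain.

    Constructed model of the leap-of-faith policy; not taken from any server.
    """
    pinned: dict = field(default_factory=dict)

    @staticmethod
    def fingerprint(cert_der: bytes) -> str:
        return hashlib.sha256(cert_der).hexdigest()

    def evaluate(self, domain: str, cert_der: bytes, verifiable: bool) -> str:
        """Return 'first-use', 'match', 'rekeyed' or 'spoof-suspected'.

        verifiable: whether the presented certificate chains to a trusted CA.
        The caller's TLS stack decides that; here it is just an input.
        """
        fp = self.fingerprint(cert_der)
        known = self.pinned.get(domain)
        if known is None:
            # First contact: leap of faith, assume the certificate is correct.
            self.pinned[domain] = fp
            return "first-use"
        if fp == known:
            return "match"
        if verifiable:
            # Changed, but the new certificate verifies: treat as a legitimate rekey.
            self.pinned[domain] = fp
            return "rekeyed"
        # Changed and still not verifiable: treat the change as a spoof.
        return "spoof-suspected"


def demo() -> list:
    """Walk one constructed remote domain through the four outcomes."""
    store = LeapOfFaithStore()
    cert_a = b"constructed-cert-for-example.net-A"   # constructed, not real DER
    cert_b = b"constructed-cert-for-example.net-B"
    return [
        store.evaluate("example.net", cert_a, verifiable=False),  # first-use
        store.evaluate("example.net", cert_a, verifiable=False),  # match
        store.evaluate("example.net", cert_b, verifiable=False),  # spoof-suspected
        store.evaluate("example.net", cert_b, verifiable=True),   # rekeyed
        store.evaluate("example.net", cert_b, verifiable=False),  # match
    ]
```

Note that a suspected spoof does not update the pin, so a later properly verifiable certificate for the same domain is still accepted as a rekey.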