[Standards] RFC 3920, 10.2/10.3: subdomain routing rules

Tomasz Sterna tomek at xiaoka.com
Fri Mar 30 14:40:24 UTC 2007


On Thu, 29-03-2007 at 15:52 +0200, Matthias Wimmer wrote:

> I considered checking destination certificates several times. But what 
> would I do if the certificate could not be verified? Don't nail me down 
> on the number, but I expect that about 50% of the certificates for my 
> peers are invalid. I only seem to have two options:
> - Not peering with them. This would not encourage people to get valid 
> certificates. Most admins would probably just stop using TLS at all.
> - Fall back to using dialback. Oh, what a cool improvement. Because I do 
> not trust the certificate I go to transmit stanzas totally in the clear.
> 
> Both not very appealing options ...

Or... We could use user-pressure. :-)

What if a server marked all stanzas as to whether they came over a secure
channel or not?
And if clients would show if the conversation you're in is secure or
not?

This could "encourage" server admins to put proper certificates in
place. :-)


-- 
Tomasz Sterna
Xiaoka Grp.  http://www.xiaoka.com/



