[Summit] TLS s2s interconect hackfest

Peter Saint-Andre stpeter at stpeter.im
Wed Jan 27 08:23:33 CST 2010

On 1/27/10 6:25 AM, Dave Cridland wrote:
> On Wed Jan 27 13:03:50 2010, Peter Saint-Andre wrote:
>> On 1/27/10 6:00 AM, Dave Cridland wrote:
>> > On Wed Jan 27 12:44:05 2010, Diana Cionoiu wrote:
>> >> Hello,
>> >>
>> >> Is there ANYONE interested to test TLS s2s during the Friday hackfest?
>> >
>> > We can certainly do that.
>> +1. This is a major gap in testing and deployment, perhaps because it's
>> not visible to users.
> Right, that's true. It's also very easy to get wrong in various weird
> ways. (My favourite remains the case where you decide that the peer
> you're connecting to doesn't have a valid certificate, and therefore
> instead of using the EXTERNAL you're offered, you insist on doing
> dialback to authenticate yourself.)

That is rather strange from the PKI perspective, but it's always seemed
like a good fallback from the XMPP perspective. Or is it? :)


Peter Saint-Andre

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 6820 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://mail.jabber.org/pipermail/summit/attachments/20100127/98f853cc/attachment.bin>

More information about the Summit mailing list