this idea on my SoC application, so any input would
be greatly appreciated.
I think you can accomplish this already using RDP, VNC, or screen.
--
Jefferson Ogata <[EMAIL PROTECTED]>
NOAA Computer Incident Response Team (N-CIRT) <[EMAIL PROTECTED]>
"Never try to retriev
On 2008-02-26 00:00, Alexander Gnauck wrote:
Jefferson Ogata schrieb:
How, exactly, do you know? I.e. what specific prenegotiation informs
the XMPP server which domain certificate to use? Traditional STARTTLS
(e.g. in ESMTP and LDAP), AFAIK, has no such provision; this would
have to be an
tandards@, though.
If the protocol provided certificate CN prenegotiation there would be at
least *one* argument in favor of using STARTTLS. If, as you say, XMPP
provides no such capability, then it's a no-brainer that STARTTLS is the
WRONG approach. I know you hate receiving responses li
On 2008-02-25 15:50, Tomasz Sterna wrote:
Dnia 2008-02-25, Pn o godzinie 15:13 +, Jefferson Ogata pisze:
That reminds me: I've been wondering why Jabber folks have been
encouraging STARTTLS? In general, STARTTLS has the flaw of allowing
misconfigured clients (of any protocol) to tra
ntage does STARTTLS provide to offset these annoyances?
--
Jefferson Ogata <[EMAIL PROTECTED]>
NOAA Computer Incident Response Team (N-CIRT) <[EMAIL PROTECTED]>
"Never try to retrieve anything from a bear."--National Park Service
, and besides, any
SSL/TLS transport will nullify that with compression automatically.
There's also always CDATA and &#-style encoding for binary data, but
that doesn't let you send \0.
--
Jefferson Ogata <[EMAIL PROTECTED]>
NOAA Computer Incident Response Team (N-CIR
On 2006-07-22 11:44, Oleg Motienko wrote:
> Does anybody know a method of discovering jabber server name by ip
> address if port 5269/tcp is opened and jabber server listening there?
I believe you could start TLS and check the certificate cn, though that
wouldn't be definitive.
--
mply send back
the confirming reply automatically. The server has one more state to track.
Thanks for giving it some thought.
--
Jefferson Ogata <[EMAIL PROTECTED]>
NOAA Computer Incident Response Team (N-CIRT) <[EMAIL PROTECTED]>
"Never try to retrieve anything from a bear."--National Park Service
ed. Putting it on servers is a better
> idea. I'll leave the question of whether this is technically possible
> to the rest of you guys.
The requirements for the clients are pretty minimal, as far as I can
see. But let's see how the discussion goes...
--
Jefferson Ogata &l
nd then having clients present
it to the user before logging in. The original question was simply
whether this was in the protocol definition anywhere, and I think Peter
answered quite clearly right off the top.
--
Jefferson Ogata <[EMAIL PROTECTED]>
NOAA Computer Incident Response Team
On 2006-07-19 02:00, Hal Rottenberg wrote:
> On 7/18/06, Jefferson Ogata <[EMAIL PROTECTED]> wrote:
>> Is there any provision in XMPP or JEPs for service banners? By this I
>> mean proper banners such as are supported by ssh2, as well as
>> traditional protocol
here.
--
Jefferson Ogata <[EMAIL PROTECTED]>
NOAA Computer Incident Response Team (N-CIRT) <[EMAIL PROTECTED]>
"Never try to retrieve anything from a bear."--National Park Service
On 07/12/2006 06:02 AM, Benjamin Podszun wrote:
> Jefferson Ogata wrote:
>> I do have a concern about the RFC, in the details of cn matching
>> performed when SRV records are involved. While clearly you do the right
>> thing in ignoring the hostname returned in an SRV record
On 2006-07-06 22:34, Peter Saint-Andre wrote:
> Jefferson Ogata wrote:
>>> On 07/06/2006 06:21 PM, Tomasz Sterna wrote:
>>>> On 7/4/06, Norman Rasmussen <[EMAIL PROTECTED]> wrote:
>>>>> Most jabber servers seem to give up and _not_ do the dns cascade, b
Given jabber clients' genearlly poor support of SSL/TLS certificate
verification (kudos to Psi for doing it right), resistance to DNS-based
attacks seems like a definite non-priority for the jabber community.
--
Jefferson Ogata <[EMAIL PROTECTED]>
NOAA Computer Incident Response Team (N-C
15 matches
Mail list logo
