Ralf Skyper Kaiser wrote:
>
> The user has to trust ALL keys and not just the single ROOT KEY.
That's true, but the amount of trust you have to put in high-level DNSSEC
keys is relatively limited. DNSSEC is aware of zone cuts, and high-level
keys cannot authenticate domain names below a zone cut.
that are likely to end up on 4-only and 6-only
networks then you need a dual-stack server.
> The more interesting problem (which Tony Finch pointed out a while back) is
> that on a SRV lookup, you get the A/ records "for free" in the additional
> section. But if you only g
On Fri, 4 Apr 2008, Jonathan Dickinson wrote:
> has anyone considered the SRP (Secure Remote Password) protocol?
It's unpopular because it's patented.
Tony.
--
f.anthony.n.finch <[EMAIL PROTECTED]> http://dotat.at/
VIKING NORTH UTSIRE: SOUTH OR SOUTHWEST VEERING NORTHWEST 5 TO 7, OCCASIONALLY
On Wed, 14 Mar 2007, Peter Saint-Andre wrote:
> Nicolas V�rit� wrote:
> >
> > What about http://en.wikipedia.org/wiki/List_of_applications_using_Jabber ?
> > I know of UnclassifiedNewsBoard, FlySpray, phpBB3, GForge, LibreSource...
> > Do you know more?
>
> Zimbra, Zabbix, Jaiku, Twitter, etc.
...
On Mon, 19 Jun 2006, Igor Goryachev wrote:
>
> Could you please explain this moment a bit wider? It might be important
> for me.
It's from control theory. In an open loop control system I just send the
system messages to tell it how to behave, whereas in a closed loop system
I get messages back so
On Mon, 19 Jun 2006, Igor Goryachev wrote:
>
> I have several domains and want to implement something similar to
> mail-like aliases (not virtual hosts) in jabber? Is it possible at
> all?
Forwarding is difficult in Jabber because it is closed-loop whereas email
is open-loop. Consider what happens
Here's an example of an OpenSSL configuration file that appears to
generate the right kind of CSRs and self-signed certs. Note that
you need OpenSSL 0.9.8 or newer.
oid_section = new_oids
[ new_oids ]
# RFC 3920 section 5.1.1 defines this OID
xmppAddr = 1.3.6.1.5.5.7.8.5
[ req ]
On Thu, 25 May 2006, Justin Karneges wrote:
>
> And if you're wondering how to do it in code, have a look at the qca-openssl
> plugin from the QCA project:
>
> http://websvn.kde.org/trunk/kdesupport/qca/plugins/qca-openssl/qca-openssl.cpp?rev=540405&view=auto
> Search for 'XMPP' in there.
Cool,
On Thu, 25 May 2006, Jonathan Siegle wrote:
> Tony Finch said the following on 5/25/06 8:08 AM:
> >
> > Has anyone written a straightforward description of how to generate a
> > proper XMPP cert with all of the id-on-xmppAddr stuff using OpenSSL?
>
> You can put whate
On Thu, 25 May 2006, Dave Cridland wrote:
>
> Consider the case where the server is compromised.
A client compromise is much more likely :-)
> If you use DIGEST-MD5, then the attacker only has a plaintext equivalent good
> enough to authenticate with the compromised server, and cannot obtain anyt
On Wed, 24 May 2006, Peter Saint-Andre wrote:
>
> I am working with a certification authority on adding XMPP support to
> the certificates they issue.
Has anyone written a straightforward description of how to generate a
proper XMPP cert with all of the id-on-xmppAddr stuff using OpenSSL?
Given t
On Wed, 3 May 2006, Matthias Wimmer wrote:
>
> The s2s component in jabberd 1.4.4 will merely ignore the "." entry. It will
> try to finde a A record for "." and as this does not resolve skip to the next
> resolved entry, if there are entries with lower priority for the same service.
That's really
On Fri, 3 Mar 2006, Justin Karneges wrote:
>
> IMO, a better way would be to use RFC 2817, which allows upgrading a plaintext
> HTTP connection to TLS dynamically. It works essentially the same way as
> XMPP's "starttls". Sadly, no one actually uses this great spec.
I get the impression that tha
On Fri, 3 Mar 2006, Jesus Cea wrote:
>
> In current TLS, client gives the host it is trying to connect, BEFORE
> negociating crypto. So if you are using a modern webserver and a modern
> browser, you can share the IP.
>
> I just don't remember if this feature is present in TLS 1.0 or in the
> curre
On Wed, 1 Mar 2006, Peter Saint-Andre wrote:
>
> 2. Clients open TCP connections to shakespeare.lit (rather than
> denmark.lit etc.) but specify the desired virtual hostname in the 'to'
> address of the stream header, then check the certificate presented by
> the server as either 'shakespeare.lit'
On Wed, 1 Mar 2006, [EMAIL PROTECTED] wrote:
>
> 1. The protocol standard is XMPP (and not Jabber)
However the term that RFC 3920 uses for an XMPP address is "Jabber
Identifier or JID".
Tony.
--
f.a.n.finch <[EMAIL PROTECTED]> http://dotat.at/
FISHER: CYCLONIC 5 TO 7. SNOW SHOWERS. GOOD OCCASI
On Tue, 10 Jan 2006, Joe Hildebrand wrote:
> > I want to note here that JEP-0138, Stream Compression, should be done
> > after TLS negotiation. The JEP does not mention that it should also go
> > before SASL but that seems fairly logical.
>
> why before SASL? It seems like the restart of the stre
On Sat, 19 Nov 2005, Ulrich Staudinger wrote:
>
> i am just wondering if someone expenses thoughts on an interplanetary IM
> system, similar to the interplanetary Mail system:
Isn't "instant" messaging fundamentally incompatible with 30 minute
round-trip times?
Tony.
--
f.a.n.finch <[EMAIL PROT
On Sat, 5 Nov 2005, Matthias Wimmer wrote:
> Justin Karneges schrieb:
>
> > > - If the certificate is for "example.com", do you accept this
> > > certificate to be used for "service.example.com" as well? Currently I
> > > don't. But I am not sure if this is correct/intended by RFC3920.
> >
> > You
On Thu, 20 Oct 2005, Mukil Kesavan wrote:
>
> SENT: http://talk.google.com>"
> xmlns="jabber:client" xmlns:stream="http://etherx.jabber.org/streams";>
>
> RECEIVED: http://talk.google.com>"
> id="E6DB0DD7" xmlns:stream="http://etherx.jabber.org/streams";
> xmlns="jabber:client"> xmlns:str="urn:ietf
20 matches
Mail list logo