Peter Saint-Andre writes:
BTW: My server always warns me, that the certificate for
users.jabber.org is invalid.
What client do you use?
I get the warning in the log-file of my server (jabberd14 trunk).
Matthias
Hi there,
I am very happy to announce a new jabber service / server! :-)
http://activestocks.eu/index.php?option=com_content&task=view&id=43&Itemid=84
Happy jabbering,
Ulrich
Hi there,
Has someone a good solution how to reuse an existing community site with
md5'd passwords with a jabber server? Only plain passwords can be
accepted by the jabber server, which can be checked against the md5'd
passwords from the existing community, but digest login for example, is
On 5/24/06, Peter Saint-Andre [EMAIL PROTECTED] wrote:
BTW, this is interesting:
http://wiki.noreply.org/noreply/TheOnionRouter/TorifyHOWTO
See the listings under Instant Messaging...
And there I thought it was how to enable Tor routing for s2s
connections. So you can chat to anonymous JIDs
On 5/25/06, Ulrich Staudinger [EMAIL PROTECTED] wrote:
Has someone a good solution how to reuse an existing community site with
md5'd passwords with a jabber server? Only plain passwords can be
accepted by the jabber server, which can be checked against the md5'd
passwords from the existing
Norman Rasmussen wrote:
On 5/25/06, Ulrich Staudinger [EMAIL PROTECTED] wrote:
Has someone a good solution how to reuse an existing community site with
md5'd passwords with a jabber server? Only plain passwords can be
accepted by the jabber server, which can be checked against the md5'd
On 5/25/06, Ulrich Staudinger [EMAIL PROTECTED] wrote:
Some sort of non-challenge md5? That would be just as secure as plain.
Actually I thought more about something like:
md5( md5(password) + sid )
so, basically using the md5(password) as the plain password, you can
use any sasl method
Norman Rasmussen wrote:
On 5/25/06, Ulrich Staudinger [EMAIL PROTECTED] wrote:
Some sort of non-challenge md5? That would be just as secure as plain.
Actually I thought more about something like:
md5( md5(password) + sid )
so, basically using the md5(password) as the plain password,
On 5/25/06, Ulrich Staudinger [EMAIL PROTECTED] wrote:
Has someone a good solution how to reuse an existing community site with
md5'd passwords with a jabber server?
reading http://www.ietf.org/rfc/rfc2831.txt section 3.9:
if you change the existing password storage from
md5({ passwd })
to
Norman Rasmussen wrote:
On 5/25/06, Ulrich Staudinger [EMAIL PROTECTED] wrote:
Has someone a good solution how to reuse an existing community site with
md5'd passwords with a jabber server?
reading http://www.ietf.org/rfc/rfc2831.txt section 3.9:
if you change the existing password
On 5/25/06, Ulrich Staudinger [EMAIL PROTECTED] wrote:
Right. I just would have liked to have it standardized. But yes, you are
correct, simply altering a client should be very fine for a single
service.
Just provide a tiny md5 calculator for the users :-) Tell them they
need to run their
On 5/25/06, Ulrich Staudinger [EMAIL PROTECTED] wrote:
That would be alright if Psi would allow plain auth by default. I'd really
like to push Psi, but as said, if a user has to click somewhere to
allow plain auth, then it's not so good.
Agreed, Psi shouldn't complain about Plain if it's TLS/SSL
On Thu May 25 10:02:01 2006, Ulrich Staudinger wrote:
Hi there,
Has someone a good solution how to reuse an existing community site
with md5'd passwords with a jabber server? Only plain passwords can
be accepted by the jabber server, which can be checked against the
md5'd passwords from the
On Thu May 25 11:21:36 2006, Norman Rasmussen wrote:
Agreed, Psi shouldn't complain about Plain if it's TLS/SSL secured.
Yes it should.
Consider the case where the server is compromised. TLS privacy is
only good on the wire, so if you use PLAIN (or any plaintext password
mechanism), you've
On 5/25/06, Dave Cridland [EMAIL PROTECTED] wrote:
On Thu May 25 11:21:36 2006, Norman Rasmussen wrote:
Agreed, Psi shouldn't complain about Plain if it's TLS/SSL secured.
Yes it should.
Consider the case where the server is compromised. TLS privacy is
only good on the wire, so if you use
On Wed, 24 May 2006, Peter Saint-Andre wrote:
I am working with a certification authority on adding XMPP support to
the certificates they issue.
Has anyone written a straightforward description of how to generate a
proper XMPP cert with all of the id-on-xmppAddr stuff using OpenSSL?
Given
On Thu May 25 12:58:21 2006, Norman Rasmussen wrote:
mmm, all true.
Trouble is with security, it's hard to know which parts are paranoia,
and which are sound precautions.
Either way Ulrich's users are going to have to provide
their password in 'plain' format at least once to start using
On Thu, 25 May 2006, Dave Cridland wrote:
Consider the case where the server is compromised.
A client compromise is much more likely :-)
If you use DIGEST-MD5, then the attacker only has a plaintext equivalent good
enough to authenticate with the compromised server, and cannot obtain
Tony Finch said the following on 5/25/06 8:08 AM:
On Wed, 24 May 2006, Peter Saint-Andre wrote:
I am working with a certification authority on adding XMPP support to
the certificates they issue.
Has anyone written a straightforward description of how to generate a
proper XMPP cert with all of
On 5/25/06, Dave Cridland [EMAIL PROTECTED] wrote:
On Thu May 25 11:21:36 2006, Norman Rasmussen wrote:
Agreed, Psi shouldn't complain about Plain if it's TLS/SSL secured.
Yes it should.
Consider the case where the server is compromised. TLS privacy is
only good on the wire, so if you use
On 5/25/06, Tony Finch [EMAIL PROTECTED] wrote:
AFAIK most DIGEST-MD5 implementations keep bare passwords on the server,
so a server compromise would expose them all.
It depends if it's an actual server compromise, or the attacker has
only been able to subvert the client's connection.
--
- Norman
On Thu, 25 May 2006, Jonathan Siegle wrote:
Tony Finch said the following on 5/25/06 8:08 AM:
Has anyone written a straightforward description of how to generate a
proper XMPP cert with all of the id-on-xmppAddr stuff using OpenSSL?
You can put whatever OIDs in the csr. The CA will
On Thursday 25 May 2006 05:47, Jonathan Siegle wrote:
Tony Finch said the following on 5/25/06 8:08 AM:
On Wed, 24 May 2006, Peter Saint-Andre wrote:
I am working with a certification authority on adding XMPP support to
the certificates they issue.
Has anyone written a straightforward
On Thu, 25 May 2006, Justin Karneges wrote:
And if you're wondering how to do it in code, have a look at the qca-openssl
plugin from the QCA project:
http://websvn.kde.org/trunk/kdesupport/qca/plugins/qca-openssl/qca-openssl.cpp?rev=540405&view=auto
Search for 'XMPP' in there.
Cool,
Here's an example of an OpenSSL configuration file that appears to
generate the right kind of CSRs and self-signed certs. Note that
you need OpenSSL 0.9.8 or newer.
oid_section = new_oids
[ new_oids ]
# RFC 3920 section 5.1.1 defines this OID
xmppAddr = 1.3.6.1.5.5.7.8.5
[ req ]
http://www.craigslist.org/pen/cpg/164603640.html
FYI. :-)
Peter
--
Peter Saint-Andre
Jabber Software Foundation
http://www.jabber.org/people/stpeter.shtml
Ulrich Staudinger wrote:
Has someone a good solution how to reuse an existing community site with
md5'd passwords with a jabber server? Only plain passwords can be
accepted by the jabber server, which can be checked against the md5'd
passwords