Ralf Skyper Kaiser sky...@thc.org wrote:
The user has to trust ALL keys and not just the single ROOT KEY.
That's true, but the amount of trust you have to put in high-level DNSSEC
keys is relatively limited. DNSSEC is aware of zone cuts, and high-level
keys cannot authenticate domain names
on 4-only and 6-only
networks then you need a dual-stack server.
The more interesting problem (which Tony Finch pointed out a while back) is
that on a SRV lookup, you get the A/ records for free in the additional
section. But if you only get one or other, you can't assume that the other
On Fri, 4 Apr 2008, Jonathan Dickinson wrote:
has anyone considered the SRP (Secure Remote Password) protocol?
It's unpopular because it's patented.
Tony.
--
f.anthony.n.finch [EMAIL PROTECTED] http://dotat.at/
VIKING NORTH UTSIRE: SOUTH OR SOUTHWEST VEERING NORTHWEST 5 TO 7, OCCASIONALLY
On Wed, 14 Mar 2007, Peter Saint-Andre wrote:
Nicolas V�rit� wrote:
What about http://en.wikipedia.org/wiki/List_of_applications_using_Jabber ?
I know of UnclassifiedNewsBoard, FlySpray, phpBB3, GForge, LibreSource...
Do you know more?
Zimbra, Zabbix, Jaiku, Twitter, etc.
... Joost ...
On Mon, 19 Jun 2006, Igor Goryachev wrote:
Could you please explain this moment a bit wider? It might be important
for me.
It's from control theory. In an open loop control system I just send the
system messages to tell it how to behave, whereas in a closed loop system
I get messages back so I
On Wed, 24 May 2006, Peter Saint-Andre wrote:
I am working with a certification authority on adding XMPP support to
the certificates they issue.
Has anyone written a straightforward description of how to generate a
proper XMPP cert with all of the id-on-xmppAddr stuff using OpenSSL?
Given
On Thu, 25 May 2006, Dave Cridland wrote:
Consider the case where the server is compromised.
A client compromise is much more likely :-)
If you use DIGEST-MD5, then the attacker only has a plaintext equivalent good
enough to authenticate with the compromised server, and cannot obtain
On Thu, 25 May 2006, Jonathan Siegle wrote:
Tony Finch said the following on 5/25/06 8:08 AM:
Has anyone written a straightforward description of how to generate a
proper XMPP cert with all of the id-on-xmppAddr stuff using OpenSSL?
You can put whatever OIDs in the csr. The CA
On Thu, 25 May 2006, Justin Karneges wrote:
And if you're wondering how to do it in code, have a look at the qca-openssl
plugin from the QCA project:
http://websvn.kde.org/trunk/kdesupport/qca/plugins/qca-openssl/qca-openssl.cpp?rev=540405view=auto
Search for 'XMPP' in there.
Cool,
Here's an example of an OpenSSL configuration file that appears to
generate the right kind of CSRs and self-signed certs. Note that
you need OpenSSL 0.9.8 or newer.
oid_section = new_oids
[ new_oids ]
# RFC 3920 section 5.1.1 defines this OID
xmppAddr = 1.3.6.1.5.5.7.8.5
[ req ]
On Wed, 3 May 2006, Matthias Wimmer wrote:
The s2s component in jabberd 1.4.4 will merely ignore the . entry. It will
try to finde a A record for . and as this does not resolve skip to the next
resolved entry, if there are entries with lower priority for the same service.
That's really bad.
On Fri, 3 Mar 2006, Jesus Cea wrote:
In current TLS, client gives the host it is trying to connect, BEFORE
negociating crypto. So if you are using a modern webserver and a modern
browser, you can share the IP.
I just don't remember if this feature is present in TLS 1.0 or in the
current
On Fri, 3 Mar 2006, Justin Karneges wrote:
IMO, a better way would be to use RFC 2817, which allows upgrading a plaintext
HTTP connection to TLS dynamically. It works essentially the same way as
XMPP's starttls. Sadly, no one actually uses this great spec.
I get the impression that that is
On Wed, 1 Mar 2006, [EMAIL PROTECTED] wrote:
1. The protocol standard is XMPP (and not Jabber)
However the term that RFC 3920 uses for an XMPP address is Jabber
Identifier or JID.
Tony.
--
f.a.n.finch [EMAIL PROTECTED] http://dotat.at/
FISHER: CYCLONIC 5 TO 7. SNOW SHOWERS. GOOD
On Wed, 1 Mar 2006, Peter Saint-Andre wrote:
2. Clients open TCP connections to shakespeare.lit (rather than
denmark.lit etc.) but specify the desired virtual hostname in the 'to'
address of the stream header, then check the certificate presented by
the server as either 'shakespeare.lit' or
On Sat, 19 Nov 2005, Ulrich Staudinger wrote:
i am just wondering if someone expenses thoughts on an interplanetary IM
system, similar to the interplanetary Mail system:
Isn't instant messaging fundamentally incompatible with 30 minute
round-trip times?
Tony.
--
f.a.n.finch [EMAIL
On Sat, 5 Nov 2005, Matthias Wimmer wrote:
Justin Karneges schrieb:
- If the certificate is for example.com, do you accept this
certificate to be used for service.example.com as well? Currently I
don't. But I am not sure if this is correct/intended by RFC3920.
You shouldn't. And I
On Thu, 20 Oct 2005, Mukil Kesavan wrote:
SENT: stream:stream to=talk.google.com http://talk.google.com
xmlns=jabber:client xmlns:stream=http://etherx.jabber.org/streams;
RECEIVED: stream:stream from=talk.google.com http://talk.google.com
id=E6DB0DD7
18 matches
Mail list logo