Re: [jdev] Re: TLS and self-signed certs

2004-11-18 Thread Matthias Wimmer
Hi JD! JD Conley wrote on 2004-11-12 09:18:46: Not sure ... there are valid reasons to change your s2s certificate: - Key expired - Key has been compromised - Key has been lost Well, if the cert changed you could then verify the key again with a dialback and reset the cache if

RE: [jdev] Re: TLS and self-signed certs

2004-11-18 Thread JD Conley
-Original Message- From: Matthias Wimmer [mailto:[EMAIL PROTECTED] Hi JD! JD Conley wrote on 2004-11-12 09:18:46: Not sure ... there are valid reasons to change your s2s certificate: - Key expired - Key has been compromised - Key has been lost Well, if the

Re: [jdev] Re: TLS and self-signed certs

2004-11-18 Thread Jacek Konieczny
On Thu, Nov 18, 2004 at 09:33:05AM -0800, JD Conley wrote: If an attacker attempts to connect and provides a certificate that is not on record for the host they are claiming to be, a dialback is performed against the authority of the host. The attacker, unless they have control of DNS or the
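The policy sketched in the two messages above (Matthias Wimmer: re-verify with a dialback and reset the cache when a host's cert changes; Jacek Konieczny: an attacker presenting a cert that is not on record triggers a dialback against the real authority, which fails unless they control DNS) as an added, self-contained simulation. This is example code written for this page, not code from any Jabber server or from the thread's participants. It assumes: a dialback key shaped like the XEP-0220 recommendation (HMAC-SHA256 keyed with SHA-256 of the server secret over "receiving originating stream-id", simplified and not wire-compatible), constructed byte strings in place of real DER certificates, and a Python dict standing in for DNS/SRV resolution of the authoritative server. All domain names are hypothetical.

```python
import hashlib
import hmac
import secrets


def dialback_key(secret: bytes, receiving: str, originating: str, stream_id: str) -> str:
    """Key the originating server sends in <db:result/>.

    Shape follows the XEP-0220 recommendation (HMAC-SHA256 keyed with the
    SHA-256 of the server secret over "receiving originating stream_id");
    simplified stand-in for the example, not a wire-compatible implementation.
    """
    msg = f"{receiving} {originating} {stream_id}".encode()
    return hmac.new(hashlib.sha256(secret).digest(), msg, hashlib.sha256).hexdigest()


def cert_fingerprint(cert_der: bytes) -> str:
    # SHA-256 over the (constructed) DER bytes; this is what the cache stores.
    return hashlib.sha256(cert_der).hexdigest()


class Server:
    """A domain's server: holds its dialback secret and its s2s cert (constructed)."""

    def __init__(self, domain: str, cert_der: bytes):
        self.domain = domain
        self.secret = secrets.token_bytes(32)
        self.cert_der = cert_der

    def key_for(self, receiving: str, stream_id: str) -> str:
        # Originating role: key sent on the outgoing stream to `receiving`.
        return dialback_key(self.secret, receiving, self.domain, stream_id)

    def verify_key(self, receiving: str, stream_id: str, key: str) -> bool:
        # Authoritative role: answer the receiving server's <db:verify/> query.
        expected = dialback_key(self.secret, receiving, self.domain, stream_id)
        return hmac.compare_digest(expected, key)


class ReceivingServer(Server):
    """Receiving side; its cert cache is filled only by a successful dialback."""

    def __init__(self, domain: str, cert_der: bytes, resolver: dict):
        super().__init__(domain, cert_der)
        # resolver stands in for DNS/SRV lookup: domain -> authoritative Server.
        self.resolver = resolver
        self.cert_cache: dict[str, str] = {}

    def accept_stream(self, claimed_from: str, cert_der: bytes, stream_id: str, key: str) -> str:
        fp = cert_fingerprint(cert_der)
        if self.cert_cache.get(claimed_from) == fp:
            # Cert on record for this host: SASL EXTERNAL, no dialback round trip.
            return "sasl-external"
        # Unknown host, or a cert that differs from the record (rotation, loss,
        # compromise, or an impersonator): dial back to the authority for claimed_from.
        authority = self.resolver.get(claimed_from)
        if authority is None or not authority.verify_key(self.domain, stream_id, key):
            return "rejected"
        # Dialback succeeded: (re)set the cache entry to the cert just verified.
        self.cert_cache[claimed_from] = fp
        return "dialback"


def run_scenario() -> list[str]:
    """Four connections to jabber.example.net: first contact, cached cert, rotation, impersonation."""
    origin = Server("example.org", b"constructed-cert-example.org-v1")
    attacker = Server("evil.example", b"constructed-cert-attacker")
    receiver = ReceivingServer("jabber.example.net", b"constructed-cert-receiver",
                               resolver={"example.org": origin, "evil.example": attacker})
    results = []
    # 1. First connection: nothing on record -> dialback, cache filled.
    sid = "stream-1"
    results.append(receiver.accept_stream("example.org", origin.cert_der, sid,
                                          origin.key_for(receiver.domain, sid)))
    # 2. Same cert again -> SASL EXTERNAL on the strength of the cached fingerprint.
    sid = "stream-2"
    results.append(receiver.accept_stream("example.org", origin.cert_der, sid,
                                          origin.key_for(receiver.domain, sid)))
    # 3. example.org rotates its cert (expired/lost/compromised key) -> dialback again, cache reset.
    origin.cert_der = b"constructed-cert-example.org-v2"
    sid = "stream-3"
    results.append(receiver.accept_stream("example.org", origin.cert_der, sid,
                                          origin.key_for(receiver.domain, sid)))
    # 4. Attacker claims to be example.org with its own cert and a key made with its own
    #    secret. Without control of DNS the verify query reaches the real example.org,
    #    which does not recognise the key.
    sid = "stream-4"
    forged = dialback_key(attacker.secret, receiver.domain, "example.org", sid)
    results.append(receiver.accept_stream("example.org", attacker.cert_der, sid, forged))
    return results


if __name__ == "__main__":
    print(run_scenario())  # ['dialback', 'sasl-external', 'dialback', 'rejected']
```

The cache here is keyed on the claimed domain and holds exactly one fingerprint, so a cert change is indistinguishable from an impersonation attempt until the dialback answers; that is the point of the thread, and also why the cache alone is never the trust decision.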

Re: [jdev] Re: TLS and self-signed certs

2004-11-18 Thread David Waite
Nothing can be done without trust. We are using Verisign today as a trusted body for providing correct DNS records and references. -David Waite On Thu, 18 Nov 2004 05:14:02 -0800, Neil Stevens [EMAIL PROTECTED] wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Thursday 18 November

Re: [jdev] Re: TLS and self-signed certs

2004-11-13 Thread maqi
On Fri, 12 Nov 2004, Peter Saint-Andre wrote: Well, I was thinking of this paragraph: While this is a good choice to establish coordinated links between servers, it does not work for servers where the administrators did not set up the encryption by agreement. Just before that paragraph: I

Re: [jdev] Re: TLS and self-signed certs

2004-11-12 Thread Matthias Wimmer
Hi Peter! Peter Saint-Andre wrote on 2004-11-11 17:53:30: Allowing self-signed (or otherwise untrusted) certs with STARTTLS + EXTERNAL is opening yourself up for a serious security breach. Well, that's another story. But that claim on the URL I provided was that it is technically

Re: [jdev] Re: TLS and self-signed certs

2004-11-12 Thread Matthias Wimmer
Hi Justin! Justin Karneges wrote on 2004-11-11 22:07:54: And now that I think about it, the whole "use dialback for the first connection, SASL EXTERNAL for all after" concept would be a good way to optimize s2s. Not sure ... there are valid reasons to change your s2s certificate: - Key

RE: [jdev] Re: TLS and self-signed certs

2004-11-12 Thread JD Conley
From: Matthias Wimmer [mailto:[EMAIL PROTECTED] Sent: Friday, November 12, 2004 5:07 AM Hi Justin! Justin Karneges wrote on 2004-11-11 22:07:54: And now that I think about it, the whole "use dialback for the first connection, SASL EXTERNAL for all after" concept would be a good way to

Re: [jdev] Re: TLS and self-signed certs

2004-11-12 Thread David Waite
I doubt someone arguing that ssh is more widely used (either in terms of traffic or in terms of users) than SSL/TLS, or even than just the https usage of SSL/TLS, would be taken very seriously. If Jabber servers had started with S2S defaulting to SSL, then trusted issuers would be the only way to

Re: [jdev] Re: TLS and self-signed certs

2004-11-11 Thread Justin Karneges
On Thursday 11 November 2004 04:53 pm, Peter Saint-Andre wrote: In article [EMAIL PROTECTED], JD Conley [EMAIL PROTECTED] wrote: Allowing self-signed (or otherwise untrusted) certs with STARTTLS + EXTERNAL is opening yourself up for a serious security breach. Well, that's another story.

Re: [jdev] Re: TLS and self-signed certs

2004-11-11 Thread David Waite
On Thu, 11 Nov 2004 19:54:49 -0800, Neil Stevens [EMAIL PROTECTED] wrote: Also, remember that different people have different threat models to address. Someone in the old hypothetical revolutionary conspiracy can't afford to depend on large institutional corporations to sign their