Jonathan Dickinson wrote:
-----Original Message----- From: [EMAIL PROTECTED][mailto:[EMAIL PROTECTED] On Behalf Of Peter Saint-Andre Sent: Wednesday, August 20, 2008 12:57 AM To: XMPP Security Subject: Re: [Security] TLS Certificates Verification... The client can do this for you over XMPP, no? Is there any reason to visit a web page here?It is out-of-band. Hopefully more secure. Maybe SMSing or Emailing the OTP could work just as well.
I think it's a good idea to use different transports, but I question whether SMS or email is more secure than XMPP. I'd prefer the combination of XMPP and secure HTTP.
/psa
smime.p7s
Description: S/MIME Cryptographic Signature
