On Wed Aug 20 11:22:46 2008, Jonathan Dickinson wrote:
You could also use SASL External...
This is quite sensible, although unrelated, if you're suggesting what
I think you might be.
If the client has a TLS certificate, which it can do either by
provisioning through a CA or by simply generating a self-signed one,
then we can use the authentication with the server to bootstrap it
there, in which case the client needn't record the password at all,
which is nice.
Nothing to do with the problem at hand, but quite interesting.
How about involving resources. This way the recipient would know
not only know who the message came from, but where (great for
bots). They could be used for further entropy of encryption or
something if used in a hash. I am not sure how it would work out,
but if we could get it right it would be pretty neat :P.
I have no idea what you're talking about here, however.
Dave.
--
Dave Cridland - mailto:[EMAIL PROTECTED] - xmpp:[EMAIL PROTECTED]
- acap://acap.dave.cridland.net/byowner/user/dwd/bookmarks/
- http://dave.cridland.net/
Infotrope Polymer - ACAP, IMAP, ESMTP, and Lemonade
