On Aug 21, 2008, at 1:38 PM, Jonathan Dickinson wrote:
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
Behalf Of Kurt Zeilenga
Sent: Thursday, August 21, 2008 10:32 PM
To: XMPP Security
Subject: Re: [Security] TLS-SRP Questions
On Aug 21, 2008, at 12:19 PM, Dirk Meyer wrote:
...
Why would there be any need to otherwise "verify" A's certificate?
So B knows who they are talking to ;).
Does B care to who A is more than its the person that asserted they
were some jabberid?
Do you want to establish that the person who asserted some jabberid is
the person that jabberid was assigned to by the homeserver?
That seems a bit different problem than just establishing that I'm now
communicating with the person who previously asserted they can be
reached at some jabberid.
I'm confused. It's too late here.
-- Kurt
Dirk
--
A bad random number generator: 1, 1, 1, 1, 1, 4.33e+67, 1, 1, 1...
