On Aug 21, 2008, at 3:21 PM, Kurt Zeilenga wrote:


On Aug 21, 2008, at 2:34 PM, Dirk Meyer wrote:

Kurt Zeilenga wrote:
On Aug 21, 2008, at 1:38 PM, Jonathan Dickinson wrote:

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:security- [EMAIL PROTECTED] On
Behalf Of Kurt Zeilenga
Sent: Thursday, August 21, 2008 10:32 PM
To: XMPP Security
Subject: Re: [Security] TLS-SRP Questions


On Aug 21, 2008, at 12:19 PM, Dirk Meyer wrote:

...

Why would there be any need to otherwise "verify" A's certificate?

So B knows who they are talking to ;).

Does B care who A is more than it's the person that asserted they
were some jabberid?

Yes, I want mutual trust.

Should I parse this 'Yes and I want mutual trust'? That is, just 'Yes' to my question doesn't imply you want mutual trust.

Or to put it another way, mutual authentication can be provided for the 'yes' answer as well as for the 'no' answer. My question was not about one-way v. mutual authentication, it was about what each is authenticating.

That's yet another thing.

By the way, the point of these questions is to try to clarify what the problems are that you and others are trying to solve.

Some, I think, would have answered 'no' (B doesn't care who A is more than it's the person that asserted they were some jabberid).

Maybe the server is compromised or I do not
have a server (link local messaging). We need trust in both
directions.


Dirk

--
Black holes are where God divided by zero.

