Good idea. On 18/11/2010, at 11:51 AM, Kim Alvefur wrote:
> A thought:
>
> Imagine a server with a self signed certificate. When your server
> connects to it, it of course wouldn't trust the cert enough to do SASL
> EXTERNAL, so it falls back to dialback. If dialback is successfully done
> a few times, while the server presents the same cert, automatically pin
> it and allow SASL EXTERNAL the next time.
>
> Why:
>
> * Encourage more widespread deployment, interop testing of EXTERNAL.
> * Same with general use of TLS, even with self signed certs.
> * Security issues would be about the same as with SSH.
> * I suppose it would help about as much with MITM as dialback does with
>   DNS spoofing?
>
> Thoughts?
>
> --
> Kim Alvefur <[email protected]>
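The pinning policy sketched in the quoted message, modelled as an added example (this is not code from the post, from Prosody, or from any XMPP server): a per-domain store counts dialback successes seen with one unchanged certificate, pins the certificate once the count reaches a threshold, and only then lets the peer use SASL EXTERNAL. The threshold of 3, the SHA-256 fingerprinting, the constructed stand-in certificate bytes and the choice to drop the pin and flag a mismatch when a pinned peer shows up with a different certificate (the SSH "host key changed" case) are all assumptions of this example, not something the message specifies.

```python
# Trust-on-use certificate pinning for XMPP server-to-server, modelled after
# the proposal quoted above. Added example; not the post's or any server's code.
import hashlib
from dataclasses import dataclass

PIN_THRESHOLD = 3  # assumed: dialback successes required before pinning


@dataclass
class PinState:
    fingerprint: str           # SHA-256 of the DER certificate (assumed choice)
    dialback_successes: int = 0
    pinned: bool = False


class PinStore:
    def __init__(self, threshold: int = PIN_THRESHOLD):
        self.threshold = threshold
        self.pins: dict[str, PinState] = {}  # remote domain -> state

    @staticmethod
    def fingerprint(cert_der: bytes) -> str:
        return hashlib.sha256(cert_der).hexdigest()

    def may_use_external(self, domain: str, cert_der: bytes) -> bool:
        """Offer/accept SASL EXTERNAL only for a pinned, unchanged cert.

        An unknown or not-yet-pinned cert must always fall back to dialback."""
        st = self.pins.get(domain)
        return (st is not None and st.pinned
                and st.fingerprint == self.fingerprint(cert_der))

    def record_dialback_success(self, domain: str, cert_der: bytes) -> str:
        """Call after a dialback verification succeeded over a TLS session
        in which the peer presented cert_der. Returns what happened."""
        fp = self.fingerprint(cert_der)
        st = self.pins.get(domain)
        if st is None:
            self.pins[domain] = PinState(fp, 1)
            return "observed"
        if st.fingerprint != fp:
            # Certificate differs from the one previously seen. Restart the
            # count for the new cert; if the old one was already pinned this is
            # the SSH-style "host key changed" situation, so flag it (assumed
            # policy: drop the pin, stay on dialback, do not silently re-pin).
            was_pinned = st.pinned
            self.pins[domain] = PinState(fp, 1)
            return "pin-mismatch" if was_pinned else "cert-changed"
        st.dialback_successes += 1
        if st.dialback_successes >= self.threshold:
            st.pinned = True
            return "pinned"
        return "observed"


def simulate(threshold: int = PIN_THRESHOLD) -> list:
    """Walk one peer through pinning, then through a certificate change."""
    store = PinStore(threshold)
    # Constructed stand-ins for DER certificate bytes; any bytes work here.
    cert_a = b"constructed DER cert A for example.org"
    cert_b = b"constructed DER cert B for example.org"
    log = []
    for _ in range(threshold):
        log.append(store.may_use_external("example.org", cert_a))   # False until pinned
        log.append(store.record_dialback_success("example.org", cert_a))
    log.append(store.may_use_external("example.org", cert_a))       # True once pinned
    log.append(store.record_dialback_success("example.org", cert_b))  # "pin-mismatch"
    log.append(store.may_use_external("example.org", cert_a))       # pin gone: False
    return log


if __name__ == "__main__":
    print(simulate())
```

The two checks a practitioner would want are both visible in `simulate()`: EXTERNAL is never permitted before the threshold is reached, and a certificate change on an already pinned peer does not quietly start a fresh pin but reports the mismatch and pushes the peer back to dialback, which is the only point at which this scheme gives any MITM signal at all.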
