On 18/11/10 01:51, Kim Alvefur wrote:
> A thought:
>
> Imagine a server with a self signed certificate. When your server
> connects to it, it of course wouldn't trust the cert enough to do SASL
> EXTERNAL, so it falls back to dialback. If dialback is successfully done
> a few times, while the server presents the same cert, automatically pin
> it and allow SASL EXTERNAL the next time.

The connection direction is reversed. I think it is a good idea. One time could be enough.

But this could be done outside the server. Imagine an xmpp.org sponsored service that signs certificates with the only requirement of fulfilling the dialback procedure. We could use regular X.509. You would need to trust xmpp.org, just like now you must trust any other CA.

-- 
Jesus Cea Avion - http://www.jcea.es/
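The pinning policy sketched in the quoted message, as an added illustration that is not code from either poster or from any XMPP server: a per-domain store counts consecutive successful dialbacks that presented the same certificate, pins the certificate once a (configurable) threshold is reached, and only then lets a later connection from that domain use SASL EXTERNAL. A changed certificate restarts the count and never silently replaces an existing pin; the `PinStore`, `auth_method` and `record_dialback_success` names and the SHA-256 fingerprint are assumptions of this example.

```python
"""Trust-on-dialback pinning policy (hypothetical illustration)."""
import hashlib
from dataclasses import dataclass, field


@dataclass
class PinStore:
    # Number of successful dialbacks (same cert) needed before pinning.
    # The reply above suggests one could be enough; the default is stricter.
    threshold: int = 3
    seen: dict = field(default_factory=dict)    # domain -> (fingerprint, count)
    pinned: dict = field(default_factory=dict)  # domain -> pinned fingerprint


def fingerprint(cert_der: bytes) -> str:
    """Identify a certificate by the hash of its DER bytes (assumed here)."""
    return hashlib.sha256(cert_der).hexdigest()


def auth_method(store: PinStore, domain: str, cert_der: bytes) -> str:
    """Choose how to authenticate an incoming s2s stream from `domain`.

    Only a pinned certificate that matches exactly earns SASL EXTERNAL;
    an unknown or changed certificate must go through dialback again.
    """
    pinned = store.pinned.get(domain)
    if pinned is not None and pinned == fingerprint(cert_der):
        return "SASL EXTERNAL"
    return "dialback"


def record_dialback_success(store: PinStore, domain: str, cert_der: bytes) -> bool:
    """Record that dialback verified `domain` while it showed `cert_der`.

    Returns True when this success caused the certificate to be pinned.
    A different certificate restarts the count, so a pin is only ever
    replaced after the new certificate has itself earned the threshold.
    """
    fp = fingerprint(cert_der)
    prev_fp, count = store.seen.get(domain, (None, 0))
    count = count + 1 if prev_fp == fp else 1
    store.seen[domain] = (fp, count)
    if count >= store.threshold:
        store.pinned[domain] = fp
        return True
    return False
```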
