On 11/17/10 5:51 PM, Kim Alvefur wrote: > A thought: > > Imagine a server with a self signed certificate. When your server > connects to it, it of course would't trust the cert enough to do SASL > EXTERNAL, so it falls back to dialback. If dialback is successfully done > a few times, while the server presents the same cert, automatically pin > it and allow SASL EXTERNAL the next time. > > Why: > > * Encourage more widespread deployment, interop testing of EXTERNAL. > * Same with general use of TLS, even with self signed certs. > * Security issues would be about the same as with SSH. > * I suppose it would help about as much with MITM as dialback does with > DNS spoofing? > > Thougts?
How would the pinning work? In clients, pinning is usually approved by a human user. Do you foresee that an admin would need to approve the pinning for server-to-server connections? Another thought: use server buddy lists and check with domains you trust to see if they know the cert for that server. http://xmpp.org/extensions/xep-0267.html That might make the TOFU ("trust on first use") a bit more tasty. ;-) Peter -- Peter Saint-Andre https://stpeter.im/
smime.p7s
Description: S/MIME Cryptographic Signature
