On Wed, 2010-11-17 at 19:35 -0700, Peter Saint-Andre wrote:
> How would the pinning work?

What I described is pretty much "TOFU", except you wait until at least
one successful dialback is made.

> Do you foresee that an admin would need to approve the pinning for
> server-to-server connections?

The point would be to not require this, but a manual mode is of course
very nice to have, and should probably come first.

The "auto mode" should probably be disabled by default and reserved for
those who don't trust CAs for some reason but still don't think
they'll get MITM'ed on the first s2s connection.

> Another thought: use server buddy lists and check with domains you
> trust to see if they know the cert for that server.

That indeed allows for some really cool stuff, but it's a bit in the
future (does any server do XEP 267 yet?) along with DNSSEC :(

-- 
Kim Alvefur <[email protected]>
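
Added example, not part of the original message or of any server's code: a minimal pin store for the scheme discussed above, where a certificate is pinned only after a successful dialback, with a manual (admin-approved) mode as the default and an opt-in auto mode. The class, method and result names are hypothetical, and refusing a changed certificate once a pin exists is an assumption the thread does not spell out.

```python
import hashlib
import hmac
from enum import Enum


class Mode(Enum):
    MANUAL = "manual"  # admin approves each pin (default, per the thread)
    AUTO = "auto"      # pin automatically after the first successful dialback


class PinStore:
    """Hypothetical s2s certificate pin store (TOFU gated on dialback)."""

    def __init__(self, mode=Mode.MANUAL):
        self.mode = mode
        self.pins = {}     # domain -> pinned SHA-256 fingerprint
        self.pending = {}  # domain -> fingerprint awaiting admin approval

    @staticmethod
    def fingerprint(cert_der):
        return hashlib.sha256(cert_der).hexdigest()

    def check(self, domain, cert_der, dialback_ok):
        fp = self.fingerprint(cert_der)
        pinned = self.pins.get(domain)
        if pinned is not None:
            # Assumption: once pinned, a different cert is a hard failure,
            # even if dialback succeeds (dialback alone does not stop MITM).
            return "match" if hmac.compare_digest(pinned, fp) else "mismatch"
        if not dialback_ok:
            return "unverified"  # never pin before one successful dialback
        if self.mode is Mode.AUTO:
            self.pins[domain] = fp
            return "pinned"
        self.pending[domain] = fp  # manual mode: queue for the admin
        return "pending"

    def approve(self, domain):
        """Admin action: promote a pending fingerprint to a pin."""
        fp = self.pending.pop(domain, None)
        if fp is None:
            return False
        self.pins[domain] = fp
        return True


if __name__ == "__main__":
    store = PinStore(Mode.AUTO)
    cert_a, cert_b = b"constructed-cert-A", b"constructed-cert-B"  # sample bytes
    for cert, ok in [(cert_a, False), (cert_a, True), (cert_a, True), (cert_b, True)]:
        print(store.check("example.org", cert, dialback_ok=ok))
```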
