On Thu Nov 18 00:51:26 2010, Kim Alvefur wrote:
> Imagine a server with a self-signed certificate. When your server
> connects to it, it of course wouldn't trust the cert enough to do SASL
> EXTERNAL, so it falls back to dialback. If dialback is successfully done
> a few times, while the server presents the same cert, automatically pin
> it and allow SASL EXTERNAL the next time.
Actually, just doing leap-of-faith the first time is sufficient.
You're allowing full dialback as authentication anyway, so in
practice, this isn't losing you any security, whereas by having to
build trust in a server, you're providing a larger window for an
attacker to disrupt.

It's also, of course, not gaining any security - it is gaining
optimization, but at the risk that an attacker can disrupt, and
take over, a server if he times it *just* so. (Or, if your LoF
certificate store isn't persistent and he figures out how to crash
your server).
Dave.
--
Dave Cridland - mailto:[email protected] - xmpp:[email protected]
- acap://acap.dave.cridland.net/byowner/user/dwd/bookmarks/
- http://dave.cridland.net/
Infotrope Polymer - ACAP, IMAP, ESMTP, and Lemonade
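The scheme discussed above, modelled as a small Python pin store. This is an added illustration, not code from Kim's or Dave's servers or from any XMPP implementation; the SHA-256-over-DER fingerprint, the JSON on-disk format, the `pin_after` threshold (1 gives Dave's leap-of-faith variant, a larger value gives Kim's "a few times" variant) and the byte strings standing in for DER certificates are all assumptions made for the example.

```python
"""Leap-of-faith pinning for XMPP s2s, as discussed in the thread.

Hypothetical model, not Prosody or any other server's code.
"""
import hashlib
import json
import os
import tempfile
from typing import Dict, Optional

SASL_EXTERNAL = "SASL EXTERNAL"
DIALBACK = "dialback"


def fingerprint(cert_der: bytes) -> str:
    """Pin a SHA-256 fingerprint of the DER certificate (assumed choice)."""
    return hashlib.sha256(cert_der).hexdigest()


class PinStore:
    """Maps a peer domain to the fingerprint it has earned via dialback.

    Dave's caveat: if `path` is None the store lives only in memory, so a
    crash (or restart) returns every peer to the unpinned state and the
    next dialback can pin whatever cert is presented at that moment.
    """

    def __init__(self, path: Optional[str] = None, pin_after: int = 1):
        self.path = path
        self.pin_after = pin_after          # 1 = leap of faith on first success
        self.pins: Dict[str, str] = {}      # domain -> pinned fingerprint
        self.seen: Dict[str, Dict[str, int]] = {}  # domain -> {fp: dialback count}
        if path and os.path.exists(path):
            with open(path) as f:
                data = json.load(f)
            self.pins = data.get("pins", {})
            self.seen = data.get("seen", {})

    def save(self) -> None:
        """Atomic write so a crash mid-save cannot leave a truncated store."""
        if not self.path:
            return
        tmp = self.path + ".tmp"
        with open(tmp, "w") as f:
            json.dump({"pins": self.pins, "seen": self.seen}, f)
        os.replace(tmp, self.path)

    def record_dialback_success(self, domain: str, cert_der: bytes) -> bool:
        """Count a successful dialback for (domain, cert); pin once the
        count reaches `pin_after`. A different cert that also passes
        dialback overwrites the old pin: that is the "times it just so"
        takeover window Dave describes, and it is no weaker than the
        dialback you were already accepting."""
        fp = fingerprint(cert_der)
        counts = self.seen.setdefault(domain, {})
        counts[fp] = counts.get(fp, 0) + 1
        pinned = counts[fp] >= self.pin_after
        if pinned:
            self.pins[domain] = fp
        self.save()
        return pinned


def choose_auth(store: PinStore, domain: str, cert_der: bytes,
                ca_trusted: bool) -> str:
    """Pick the s2s auth mechanism for a peer presenting `cert_der`.

    CA-trusted certs get SASL EXTERNAL outright; otherwise EXTERNAL is
    allowed only if this exact cert is pinned for the domain. Anything
    else, including a pinned domain showing a new cert, falls back to
    dialback so the unknown cert never gets EXTERNAL for free.
    """
    if ca_trusted:
        return SASL_EXTERNAL
    if store.pins.get(domain) == fingerprint(cert_der):
        return SASL_EXTERNAL
    return DIALBACK


if __name__ == "__main__":
    # Constructed stand-ins for DER certificates; not real certs.
    cert_a = b"constructed-der-for-example.net-A"
    cert_b = b"constructed-der-for-example.net-B"
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "pins.json")
        s = PinStore(path, pin_after=1)
        print(choose_auth(s, "example.net", cert_a, False))   # dialback
        s.record_dialback_success("example.net", cert_a)
        print(choose_auth(s, "example.net", cert_a, False))   # SASL EXTERNAL
        print(choose_auth(s, "example.net", cert_b, False))   # dialback
        # Persistence survives a "restart" (a fresh PinStore from disk).
        print(choose_auth(PinStore(path), "example.net", cert_a, False))
```

Setting `pin_after` to 3 reproduces Kim's proposal exactly: the peer earns EXTERNAL only after three dialback successes with the same cert, which, as Dave notes, buys nothing over pinning on the first success because each of those dialbacks was already accepted as full authentication.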