If we had an Internet Hall of Fame I'd nominate Dave for a place on the wall :)
On 19/11/2010, at 9:57 AM, Dave Cridland wrote:

> On Thu Nov 18 00:51:26 2010, Kim Alvefur wrote:
>> Imagine a server with a self-signed certificate. When your server
>> connects to it, it of course wouldn't trust the cert enough to do SASL
>> EXTERNAL, so it falls back to dialback. If dialback is successfully done
>> a few times, while the server presents the same cert, automatically pin
>> it and allow SASL EXTERNAL the next time.
>
> Actually, just doing leap-of-faith the first time is sufficient.
>
> You're allowing full dialback as authentication anyway, so in practice, this
> isn't losing you any security, whereas by having to build trust in a server,
> you're providing a larger window for an attacker to disrupt.
>
> It's also, of course, not gaining any security - it is gaining optimization,
> but at the risk that an attacker can disrupt, and take over, a server if he
> times it *just* so. (Or, if your LoF certificate store isn't persistent and
> he figures out how to crash your server).
>
> Dave.
> --
> Dave Cridland - mailto:[email protected] - xmpp:[email protected]
> - acap://acap.dave.cridland.net/byowner/user/dwd/bookmarks/
> - http://dave.cridland.net/
> Infotrope Polymer - ACAP, IMAP, ESMTP, and Lemonade
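The pin-after-repeated-dialback policy Kim sketches, with the persistent store Dave's crash caveat calls for, as an added example that is not from the thread or from any XMPP server implementation; the threshold, the JSON file layout and the certificate bytes are constructed assumptions.

```python
import hashlib, json, os, tempfile

PIN_THRESHOLD = 3  # hypothetical policy knob: dialback successes before pinning

class PinStore:
    """Per-domain certificate pins, persisted so a restart does not reset trust."""

    def __init__(self, path):
        self.path = path
        self.pins = {}  # domain -> {"fp": str, "dialback_ok": int, "pinned": bool}
        if os.path.exists(path):
            with open(path) as f:
                self.pins = json.load(f)

    def save(self):
        tmp = self.path + ".tmp"
        with open(tmp, "w") as f:
            json.dump(self.pins, f)
        os.replace(tmp, self.path)  # atomic: a crash mid-write cannot empty the store

    def auth_method(self, domain, cert_der):
        # SASL EXTERNAL only when the presented cert matches the pinned fingerprint
        entry = self.pins.get(domain)
        if entry and entry["pinned"] and entry["fp"] == hashlib.sha256(cert_der).hexdigest():
            return "sasl-external"
        return "dialback"  # unknown, not yet pinned, or mismatching cert

    def record_dialback_success(self, domain, cert_der):
        # count successful dialbacks per cert; pin once the threshold is reached
        fp = hashlib.sha256(cert_der).hexdigest()
        entry = self.pins.get(domain)
        if entry and entry["pinned"]:
            return entry["fp"] == fp  # never silently re-pin a changed cert
        if entry is None or entry["fp"] != fp:
            entry = self.pins[domain] = {"fp": fp, "dialback_ok": 0, "pinned": False}
        entry["dialback_ok"] += 1
        entry["pinned"] = entry["dialback_ok"] >= PIN_THRESHOLD
        self.save()
        return entry["pinned"]

def simulate(path=None):
    # walk one peer through the policy, including a simulated server restart
    path = path or os.path.join(tempfile.mkdtemp(), "pins.json")
    cert_a, cert_b = b"constructed-cert-A", b"constructed-cert-B"  # stand-ins for DER
    store = PinStore(path)
    out = [store.auth_method("example.org", cert_a)]
    out += [store.record_dialback_success("example.org", cert_a) for _ in range(3)]
    store = PinStore(path)  # restart: pins survive because they were persisted
    out += [store.auth_method("example.org", cert_a), store.auth_method("example.org", cert_b)]
    return out
```

A changed certificate on a pinned domain drops the peer back to dialback rather than re-pinning, so a pin only moves when an operator intervenes.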
