Title: RE: [JDEV] SSL & Valid Certificates

I am using the crypto API, so I will use the Windows Certificate store.
Thanks for the feedback, I will let the users know when there is a
problem with a cert.

-Robert

> -----Original Message-----
> From: Michael F Lin [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, April 17, 2002 2:48 PM
> To: [EMAIL PROTECTED]
> Subject: Re: [JDEV] SSL & Valid Certificates
>
>
>
> I would say that if you have access to system certificate APIs and stores
> (e.g. the Windows CryptoAPI, or whatever Mozilla uses), it might be
> worthwhile to verify the certificate chain. Otherwise I would say it is
> unlikely to be worthwhile to expend the programmatic effort of maintaining
> your own certificate stores and so on. Jabber traffic in general is
> unlikely to be worth the effort necessary to hijack a DNS name and set up a
> server with bogus certificates, and if it is that sensitive it should rely
> on something more end-to-end than TLS.
>
> -Mike
>
>
>
> From: Robert Temple <Robert.Temple@dig.com>
> Sent by: jdev-admin@jabber.org
> Date: 04/14/2002 02:55 AM
> Please respond to jdev
>
> To: "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]>
> cc:
> Subject: [JDEV] SSL & Valid Certificates
>
>
>
> Should clients that support SSL connections to a jabber server check to
> make sure that the server's certificate is valid?  i.e. check if the names
> match, the root is trusted, it's not expired, etc.   If they should then I
> plan to tell the user that there is an issue with the certificate like
> Internet Explorer does, and ask them if they want to remain connected.
>
> Thanks,
> Robert
>
>
>
>
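
The checks named in this thread (name match, trusted root, expiry) against the system certificate store, as an added Python example that is not code from the thread or from any Jabber client. The function names, the `ask` callback, and the host `jabber.example.org` are assumptions made for illustration.

```python
import socket
import ssl

# OpenSSL verify codes (X509_V_ERR_*) grouped by the checks named in the thread.
CHECKS = {
    "expired or not yet valid": {9, 10},   # not yet valid, has expired
    "root not trusted": {18, 19, 20, 21},  # self-signed or issuer not found
    "name does not match": {62, 64},       # hostname or IP address mismatch
}


def classify(verify_code):
    """Map an OpenSSL verify code to one of the thread's three checks."""
    for label, codes in CHECKS.items():
        if verify_code in codes:
            return label
    return "other certificate problem"


def warn_user(host, verify_code, verify_message, ask):
    """Build the warning text and return the yes/no answer from ask()."""
    problem = classify(verify_code)
    return ask(f"Certificate for {host}: {problem} ({verify_message}). Continue?")


def check_server(host, port, ask, timeout=10.0):
    """Return True if the certificate verifies, else the user's decision."""
    # create_default_context() loads the platform trust store (on Windows,
    # the system certificate stores) and enables chain and hostname checks.
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host):
                return True
    except ssl.SSLCertVerificationError as exc:
        # The handshake failed and the socket is closed at this point;
        # the caller acts on the user's answer.
        return warn_user(host, exc.verify_code, exc.verify_message, ask)


if __name__ == "__main__":
    # Constructed failure: a hostname mismatch reported for a made-up host.
    print(warn_user("jabber.example.org", 62, "Hostname mismatch",
                    lambda msg: print(msg) or False))
```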
