In article <[EMAIL PROTECTED]>, "JD Conley" <[EMAIL PROTECTED]> wrote:
> Allowing self signed (or otherwise untrusted) certs with STARTTLS + > EXTERNAL is opening yourself up for a serious security breach. Well, that's another story. But that claim on the URL I provided was that it is technically impossible, not inadvisable from a security standpoint. > Using it > with stream:features over dialback would give you encryption with a self > signed cert and trust through the DNS system. STARTTLS + Dialback > offers some level of trust along with encryption without having to worry > about the complexities of a certificate chain. Sure. Another possibility is (1) settling on a root CA or (2) becoming a root CA. /psa _______________________________________________ jdev mailing list [EMAIL PROTECTED] http://mail.jabber.org/mailman/listinfo/jdev
