In article <[EMAIL PROTECTED]>,
"JD Conley" <[EMAIL PROTECTED]> wrote:
> Allowing self signed (or otherwise untrusted) certs with STARTTLS +
> EXTERNAL is opening yourself up for a serious security breach.
Well, that's another story. But the claim on the URL I provided was that it is technically impossible, not inadvisable from a security standpoint.
Considering mawis was writing about STARTTLS in an s2s context, I think one can grant some license to read "it only works with certificates signed by a trusted CA" as "it's only useful with certificates signed by a trusted CA".
> Using it with stream:features over dialback would give you encryption with a self signed cert and trust through the DNS system. STARTTLS + Dialback offers some level of trust along with encryption without having to worry about the complexities of a certificate chain.
Sure. Another possibility is (1) settling on a root CA or (2) becoming a root CA.
STARTTLS + Dialback has now been implemented in both jabberd1.4 (in CVS) and jabberd2 (a patch for s2s), so I think STARTTLS + Dialback should be encouraged as the basic minimum for s2s traffic, and when there's agreement on (1) or (2), server administrators could choose to set their own policies about interconnection (e.g. will only establish s2s connections with servers with CA-signed certs).
Regards,
Stephen
_______________________________________________ jdev mailing list [EMAIL PROTECTED] http://mail.jabber.org/mailman/listinfo/jdev
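Added example (not part of the original thread, nor code from jabberd1.4 or jabberd2): a simulation of the dialback verification that gives STARTTLS + Dialback its "trust through the DNS system", plus the per-server interconnection policy the post describes. It assumes the XEP-0185 key derivation (HMAC-SHA256 keyed with the hex SHA-256 of the server secret) and replaces the DNS lookup of the authoritative server with a constructed in-memory table.

```python
import hashlib
import hmac

def dialback_key(secret: str, receiving: str, originating: str, stream_id: str) -> str:
    """Dialback key per XEP-0185 (assumed here; the thread does not fix the derivation):
    HMAC-SHA256 keyed with hex(SHA256(secret)) over "receiving originating stream_id"."""
    hashed_secret = hashlib.sha256(secret.encode()).hexdigest()
    msg = f"{receiving} {originating} {stream_id}".encode()
    return hmac.new(hashed_secret.encode(), msg, hashlib.sha256).hexdigest()

# Constructed stand-in for the DNS lookup the receiving server performs to reach the
# authoritative server for a domain: domain -> secret held by that authoritative server.
AUTHORITATIVE = {"origin.example": "constructed-origin-secret"}

def authoritative_verify(originating: str, receiving: str, stream_id: str, key: str) -> str:
    """What the authoritative server for `originating` answers to a <db:verify/> query."""
    secret = AUTHORITATIVE.get(originating)
    if secret is None:
        return "invalid"  # no authoritative server knows this domain
    expected = dialback_key(secret, receiving, originating, stream_id)
    return "valid" if hmac.compare_digest(expected, key) else "invalid"

def receiving_server_accepts(originating: str, receiving: str, stream_id: str, key: str,
                             cert_ca_signed: bool, policy: str) -> bool:
    """Receiving server's decision after STARTTLS has already encrypted the stream.
    policy 'dialback': the thread's proposed minimum (self-signed cert is fine, dialback must pass).
    policy 'ca-only': the stricter per-server policy mentioned (CA-signed cert required)."""
    if policy == "ca-only" and not cert_ca_signed:
        return False
    return authoritative_verify(originating, receiving, stream_id, key) == "valid"

if __name__ == "__main__":
    sid = "stream-id-constructed-42"
    good = dialback_key(AUTHORITATIVE["origin.example"], "recv.example", "origin.example", sid)
    # Genuine origin with a self-signed cert: accepted under the dialback minimum.
    print(receiving_server_accepts("origin.example", "recv.example", sid, good, False, "dialback"))
    # A peer asserting origin.example without that domain's secret: dialback fails.
    bogus = dialback_key("some-other-secret", "recv.example", "origin.example", sid)
    print(receiving_server_accepts("origin.example", "recv.example", sid, bogus, False, "dialback"))
    # Same genuine origin, but the receiving admin chose the CA-only policy.
    print(receiving_server_accepts("origin.example", "recv.example", sid, good, False, "ca-only"))
```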
