Jefferson Ogata wrote:
> On 07/06/2006 06:21 PM, Tomasz Sterna wrote:
>> On 7/4/06, Norman Rasmussen <[EMAIL PROTECTED]> wrote:
>>> Most jabber servers seem to give up and _not_ do the dns cascade, but
>>> Wildfire seems to do the cascade DNS, generating lots of 'Failed to
>>> lookup .de', or 'Failed to lookup .org' records in the log files.
>> So you say if I'm hosting your parent domain I could take-over and
>> spoof your non-functioning (DDoS'ed) XMPP server? Sending SPIM,
>> harvesting password. Possibilities are endless. Great, just great.
>
> Given jabber clients' generally poor support of SSL/TLS certificate
> verification (kudos to Psi for doing it right), resistance to DNS-based
> attacks seems like a definite non-priority for the jabber community.

RFC 3920 says how to properly handle certificates. Unfortunately, server certificates are not widespread yet (let alone client certificates). But I'm working to change that...

Peter

--
Peter Saint-Andre
Jabber Software Foundation
http://www.jabber.org/people/stpeter.shtml
