Whereas the deployment piece says
>o require the use of TLS for both client-to-server and server-to-server
connections
Doesn't that exclude Server Dialback? Please help me understanding this.
No. You use this (called starttls+dialback) if, after setting up TLS you
notice that you can't trust the peer certificate for strong authentication.
So you have an encrypted stream from TLS and the relatively robust
spoofing protection from dialback. It's safe from passive attacks.
_______________________________________________
JDev mailing list
Info: http://mail.jabber.org/mailman/listinfo/jdev
Unsubscribe: [email protected]
_______________________________________________
