Hi Tony,
DNSSEC is a step into the right direction. I do not dispute that and salute
the jabber community for recognizing this.
DNSSEC reduces the risk of an active attack. DNSSEC does not eliminate that
risk.
On the client/user side this is not sufficient. DNSSEC wont give the user
the
Hi Tony,
DNSSEC is a step into the right direction. I do not dispute that and salute
the jabber community for recognizing this.
DNSSEC reduces the risk of an active attack. DNSSEC does not eliminate that
risk. DNSSEC in fact only marginally reduces this risk considering the
real-world attacks
I don't think anyone here is advocating for downgrading security or not
respecing human rights.
I do think that we're being pretty sanguine about not letting the perfect
become the enemy of the good and incrementally upgrading XMPP's security.
Good security is based on layering trust and trust
On 19 Nov 2013, at 11:58, Ralf Skyper Kaiser sky...@thc.org wrote:
This attack and vulnerability in the TLS authentication has been recognized
by all major browser manufactures. Pinning (on top of DNSSEC) is being
implemented as we speak. Why jabber tries so hard of being less secure than
Hi
On Tue, Nov 19, 2013 at 12:26 PM, Ashley Ward ashley.w...@surevine.comwrote:
On 19 Nov 2013, at 11:58, Ralf Skyper Kaiser sky...@thc.org wrote:
This attack and vulnerability in the TLS authentication has been
recognized by all major browser manufactures. Pinning (on top of DNSSEC) is
On 19 nov. 2013, at 12:58, Ralf Skyper Kaiser sky...@thc.org wrote:
Hi
On Tue, Nov 19, 2013 at 11:37 AM, Simon Tennant si...@buddycloud.com wrote:
I don't think anyone here is advocating for downgrading security or not
respecing human rights.
I do think that we're being pretty
Hi,
On Tue, Nov 19, 2013 at 12:29 PM, Thijs Alkemade th...@xnyhps.nl wrote:
On 19 nov. 2013, at 12:58, Ralf Skyper Kaiser sky...@thc.org wrote:
Hi
On Tue, Nov 19, 2013 at 11:37 AM, Simon Tennant si...@buddycloud.com
wrote:
Automatic key pinning works for SSH, because private keys
On 19 nov. 2013, at 14:07, Ralf Skyper Kaiser sky...@thc.org wrote:
Hi,
On Tue, Nov 19, 2013 at 12:29 PM, Thijs Alkemade th...@xnyhps.nl wrote:
On 19 nov. 2013, at 12:58, Ralf Skyper Kaiser sky...@thc.org wrote:
Hi
On Tue, Nov 19, 2013 at 11:37 AM, Simon Tennant
On 19 Nov 2013, at 12:30, Ralf Skyper Kaiser sky...@thc.org wrote:
Pinning does not require any protocol change in its simplest form. It can be
done with just minor changes on the client side.
Agreed - in its simplest form you could use it on the c2s connection to ensure
the server’s
On Tue, Nov 19, 2013 at 2:12 PM, Ashley Ward ashley.w...@surevine.comwrote:
On 19 Nov 2013, at 12:30, Ralf Skyper Kaiser sky...@thc.org wrote:
Pinning does not require any protocol change in its simplest form. It
can be done with just minor changes on the client side.
Agreed - in its
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 11/19/13 9:21 AM, Ralf Skyper Kaiser wrote:
On Tue, Nov 19, 2013 at 2:12 PM, Ashley Ward
ashley.w...@surevine.com mailto:ashley.w...@surevine.com
wrote:
On 19 Nov 2013, at 12:30, Ralf Skyper Kaiser sky...@thc.org
mailto:sky...@thc.org
11 matches
Mail list logo