Jonathan Schleifer wrote: > Dirk Meyer <[EMAIL PROTECTED]> wrote: > >> No, it is missing the one thing we also need for TLS: how to verify a >> public key? Let's say I have two bots. They discover each other and >> open an ESession. Bots can not use secrets (I do not want to configure >> a secret for each possible bot-bot combination). So we have public >> keys. Now I have the same problem I have with TLS: is this the correct >> public key. Maybe I (as user) signed the bot keys (in a user friedly >> way like click "add as my bot"). How to verify the signature? I want >> to avoid setting up a CA. I need an answer to that question or >> ESession are as useless as TLS. > > As bots are not people who might be afraid to verify a key or get a > certificate, they could use a certificate issued by a CA. :)
Use case: I want to connect my media network using XMPP. I have a set-top box (bot) and a mobile phone I want to use to control the set-top box. Should I use a CA? Not a good idea. Dirk -- The only problem with mornings is that they happen too early in the day.
