This may be a really stupid idea. Any way we could use Kerberos?
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Johansson Olle E
> Sent: Wednesday, August 20, 2008 8:51 AM
> To: XMPP Security
> Subject: Re: [Security] TLS Certificates Verification - certificate and private key clarification
>
> On 20 Aug 2008, at 02:10, Florian Zeitz wrote:
>
> > Another issue with certificates in general (that Justin Karneges already
> > brought up) is that there should be only one certificate per JID. That
> > means you have to get this certificate to all machines you use that
> > account with. One solution would be to store the certificate on the
> > server (doesn't really sound like a good idea). The other would be to
> > leave it to the user to transfer the certificate from machine to
> > machine, which probably falls into the "too hard" category.
>
> This is no issue with the certificate. I think you're mixing the certificate
> and the private key. The private key is needed on all systems, as is
> the public key. The certificate is a signed wrapper around the public
> key and can be distributed freely.
>
> You don't want a third party like your server to store the private key.
> (remember WAP security ;-) )
>
> Just a small clarification.
>
> We do need to start the wiki docs :-)
> /O
