Jonathan Dickinson wrote:
> Somehow the user would have different certificates for different
> resources. This would allow me to assert that jack sent the message
> and he is at home.

That is why I wanted to have user certificates and client certificates.

> More appropriately, if I have 15 killer robots I could give them
> different resources, but the same bare JID. I would then be able to
> tell for sure which the message came from (e.g. Arnold manages to
> catch one and starts impersonating it, but the others are still
> secure). You could just give each a completely different JID, but
> somehow this has some attractive properties.

All your killer robots should only have a client certificate that is signed somehow (CA vs. web of trust, see my other mails) by your client key. Now when Arnold takes over one of your robots you revoke that client key with your user key. All other robots can still kill in your name. And all robots will share your base JID.

You as user have one JID with one user certificate and a server password to log in. Your robots all have the server password to log in and create a unique full JID. They all get a unique client certificate signed by the user certificate.

Dirk

--
ACK and you shall receive.
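The scheme discussed in this message (one user key certifying a separate client key per resource, with per-client revocation), sketched as an added example that is not part of the original mail or of any XMPP specification. Ed25519, the `ClientCert` layout, the revocation format, and all function names and JIDs are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"fmt"
	"strings"
)

// ClientCert binds one full JID to a client key (format assumed for this example).
type ClientCert struct {
	FullJID   string
	ClientKey ed25519.PublicKey
	Sig       []byte // user key's signature over certBody
}

func certBody(jid string, k ed25519.PublicKey) []byte { return append([]byte("cert\x00"+jid+"\x00"), k...) }
func revBody(k ed25519.PublicKey) []byte { return append([]byte("revoke\x00"), k...) }
func NewKey() (ed25519.PublicKey, ed25519.PrivateKey) { p, k, _ := ed25519.GenerateKey(nil); return p, k }
func SignMsg(k ed25519.PrivateKey, m []byte) []byte { return ed25519.Sign(k, m) }

// Issue signs a client certificate for bareJID/resource with the user key.
func Issue(user ed25519.PrivateKey, bareJID, resource string, k ed25519.PublicKey) ClientCert {
	jid := bareJID + "/" + resource
	return ClientCert{jid, k, ed25519.Sign(user, certBody(jid, k))}
}

// Revoke returns the user key's signed revocation of one client key.
func Revoke(user ed25519.PrivateKey, k ed25519.PublicKey) []byte { return ed25519.Sign(user, revBody(k)) }

// Verify accepts msg only from an unrevoked client certified for bareJID; revoked is keyed by string(client key).
func Verify(userPub ed25519.PublicKey, bareJID string, c ClientCert, revoked map[string][]byte, msg, sig []byte) error {
	switch {
	case len(c.ClientKey) != ed25519.PublicKeySize || !strings.HasPrefix(c.FullJID, bareJID+"/"):
		return fmt.Errorf("malformed certificate or wrong bare JID")
	case !ed25519.Verify(userPub, certBody(c.FullJID, c.ClientKey), c.Sig):
		return fmt.Errorf("client certificate not signed by user key")
	case ed25519.Verify(userPub, revBody(c.ClientKey), revoked[string(c.ClientKey)]):
		return fmt.Errorf("client key revoked by user key")
	case !ed25519.Verify(c.ClientKey, msg, sig):
		return fmt.Errorf("message not signed by client key")
	}
	return nil
}

func main() { // constructed keys and JID
	userPub, user := NewKey()
	pub, priv := NewKey()
	cert, msg := Issue(user, "owner@example.org", "robot1", pub), []byte("status")
	revoked := map[string][]byte{string(pub): Revoke(user, pub)}
	fmt.Println(Verify(userPub, "owner@example.org", cert, revoked, msg, SignMsg(priv, msg)))
}
```

A revocation entry only takes effect if it verifies under the user key, so a third party cannot disable a resource by publishing a bogus revocation.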
