|
|
|
|
|
|
by MattJ100
131 days ago
|
|
|
You're not wrong. PKI has better protections against MITM, dialback has better protections against certificate leaks/misissuance. I think the ideal approach would be combining both (as mentioned, there have been some experiments with that), except when e.g. DANE can be used ( https://prosody.im/doc/modules/mod_s2s_auth_dane_in ). But if DANE can be used, the whole CA thing is irrelevant anyway :) |
|
|