[Standards] Proposed XMPP Extension: XMPP Transport Layer Security
Jesus Cea
jcea at argo.es
Tue Dec 4 08:59:41 CST 2007
Justin Karneges wrote:
> Most TLS libraries operate as a "black box", passing an opaque stream of bytes
> to the application. I'd suggest making the XEP have a more transparent use
> of TLS to match this fact. In other words, rather than saying the first iq
> stanza must contain certain explicit TLS constructs (e.g. ClientHello), just
> say it can contain any arbitrary TLS data, just like how a real TLS stream
> over TCP works. This would allow most off-the-shelf TLS libraries, such as
> OpenSSL, to be used with XTLS. Since a stanza stream has TCP-like behavior,
> I think we can get away with this.
>
> Of course, this would mean we'd lose the direct mapping between each
> transported stanza and the content within. For example, a single IM may span
> multiple transported stanzas, or a single transported stanza may contain
> multiple IMs. However, I don't think having a direct mapping buys us much at
> all, while having an opaque/transparent transport buys us a *lot*.
I agree. Most of the time, you can't control what is going in each TLS
packet.
--
Jesus Cea Avion
jcea at argo.es http://www.argo.es/~jcea/
jabber / xmpp:jcea at jabber.org
"Things are not so easy"
"My name is Dump, Core Dump"
"Love is placing your happiness in the happiness of another" - Leibniz
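The framing point discussed in this message, as an added example that is not part of the original thread or of the XEP: a stock TLS library (Python's `ssl` over memory BIOs) emits an opaque byte stream, which is cut into stanza payloads at arbitrary offsets and reassembled by the receiver before any TLS record is parsed. The `<xtls/>` element name, the 100-byte chunk size and the host name `example.invalid` are assumptions made for illustration.

```python
import base64
import re
import ssl

def first_flight(server_name="example.invalid"):
    """Run a stock TLS client over memory BIOs; return the bytes it wants sent."""
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    tls = ssl.create_default_context().wrap_bio(
        incoming, outgoing, server_hostname=server_name)
    try:
        tls.do_handshake()
    except ssl.SSLWantReadError:
        pass  # expected: the library is now waiting for the peer's reply
    return outgoing.read()

def to_stanzas(data, chunk=100):
    """Cut the opaque stream at fixed offsets, ignoring TLS record boundaries."""
    # <xtls/> is a hypothetical wrapper element, not taken from the XEP.
    return ['<iq type="set"><xtls>%s</xtls></iq>'
            % base64.b64encode(data[i:i + chunk]).decode()
            for i in range(0, len(data), chunk)]

def from_stanzas(stanzas):
    """Receiver side: concatenate payloads back into one byte stream."""
    return b"".join(
        base64.b64decode(re.search(r"<xtls>(.*?)</xtls>", s).group(1))
        for s in stanzas)

def tls_records(stream):
    """Return ([(content_type, length), ...], leftover) for complete records."""
    records, pos = [], 0
    while pos + 5 <= len(stream):  # header: type(1) version(2) length(2)
        length = int.from_bytes(stream[pos + 3:pos + 5], "big")
        if pos + 5 + length > len(stream):
            break  # record continues in a stanza that has not arrived yet
        records.append((stream[pos], length))
        pos += 5 + length
    return records, stream[pos:]

if __name__ == "__main__":
    flight = first_flight()
    stanzas = to_stanzas(flight)
    print(len(flight), "TLS bytes in", len(stanzas), "stanzas")
    print("after 1 stanza :", tls_records(from_stanzas(stanzas[:1]))[0])
    print("after all      :", tls_records(from_stanzas(stanzas))[0])
    print("2 records, 1 stanza:",
          tls_records(from_stanzas(to_stanzas(flight * 2, 1 << 16)))[0])
```

The receiver must buffer leftover bytes across stanzas and feed only the reassembled stream to its TLS library, since one record can span several stanzas and one stanza can carry several records.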