[Standards] C2C TLS

Dirk Meyer dmeyer at tzi.de
Mon Nov 24 13:48:04 CST 2008

Jonathan Schleifer wrote:
> Am 24.11.2008 um 18:50 schrieb Dave Cridland:
>> C2C TLS has numerous carefully audited crypto implementations, and
>> one (or two?) test client implementations. Now, arguably, it might
>> well have more - I'm not sure how many of the existing XEP-0174
>> clients will simply use TLS if offered, which would count in at
>> least some respects.
> Please name at least two implementations so I can test those :).

I have one lib that implements XEP-0247 for server-based communication
and XEP-0174 for link-local communication. In both cases starttls is
used. I also added XEP-0250 support to provide X.509 certificate or SRP
support -- no OpenPGP authentication right now. This works for both
XEP-0247 and XEP-0174. The lib is not yet released, but I can send it to
you if you want to test a client against it. I also wanted to implement
XEP-0189 for public key handling to use in XEP-0250, but I have some
problems with ejabberd not providing the list of all published keys
using PEP. So ATM you have to put all known certificates in a file for
the client, which is no good solution. I have been planning to release my
code for some time now, but writing down my PhD thesis consumes a lot of
my time. And without proper key handling it is not so much fun.

> Well, what about SAS? I still can't see it. 

There is no SAS for TLS right now. TLS-SRP comes close to it (you have
to know a password before opening the connection) and that is working
for me.

> And do they use jingle inband or direct connections? 

Right now only in-band; my client has no support for SOCKS5.

> If they use direct connections, is NAT traversal implemented, using a
> STUN server etc.?

No, we have no XEP for that yet. I'm trying to figure out what we need
when implementing ICE-TCP. This is off-topic right now, but I wonder if
we need the complexity of ICE-TCP or if we can go an easier way.


You might have mail.
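TLS-SRP, mentioned above as the closest thing to SAS, works only because both sides already share a password. The following Python is an added illustration, not code from this post or from Dirk's library: it carries out the RFC 5054 SRP computation that TLS-SRP performs inside the handshake. The server stores only a salt and verifier, the client proves knowledge of the password, and both derive the same premaster secret, while a wrong password yields different secrets on the two sides. The username, password and salt are constructed sample values.

```python
import hashlib
import secrets

# RFC 5054 Appendix A, 1024-bit group (N is a safe prime, g = 2), copied from the RFC.
N = int(
    "EEAF0AB9ADB38DD69C33F80AFA8FC5E86072618775FF3C0B9EA2314C9C256576"
    "D674DF7496EA81D3383B4813D692C6E0E0D5D8E250B98BE48E495C1D6089DAD1"
    "5DC7D7B46154D6B6CE8EF4AD69B15D4982559B297BCF1885C529F566660E57EC"
    "68EDBC3C05726CC02FD4CBF4976EAA9AFD5138FE8376435B9FC61D2FC0EB06E3", 16)
g = 2
NLEN = (N.bit_length() + 7) // 8  # 128 bytes; RFC 5054 PAD() width

def pad(n: int) -> bytes:
    return n.to_bytes(NLEN, "big")

def sha1_int(*parts: bytes) -> int:
    return int.from_bytes(hashlib.sha1(b"".join(parts)).digest(), "big")

def private_x(username: str, password: str, salt: bytes) -> int:
    # x = SHA1(s | SHA1(I ":" P)); derived from the password on the client side only
    return sha1_int(salt, hashlib.sha1(f"{username}:{password}".encode()).digest())

def make_verifier(username: str, password: str, salt: bytes) -> int:
    """Enrolment: the server stores (salt, v = g^x mod N), never the password."""
    return pow(g, private_x(username, password, salt), N)

def srp_exchange(username: str, client_password: str, salt: bytes, verifier: int):
    """One RFC 5054 exchange; returns (client_premaster, server_premaster)."""
    k = sha1_int(pad(N), pad(g))
    # Client sends A = g^a; server must abort if A mod N == 0
    a = secrets.randbits(256) | 1
    A = pow(g, a, N)
    if A % N == 0:
        raise ValueError("client public value A is zero mod N")
    # Server sends B = k*v + g^b; client must abort if B mod N == 0
    b = secrets.randbits(256) | 1
    B = (k * verifier + pow(g, b, N)) % N
    if B % N == 0:
        raise ValueError("server public value B is zero mod N")
    u = sha1_int(pad(A), pad(B))
    # Client: S = (B - k*g^x)^(a + u*x); only a holder of the password can compute x
    x = private_x(username, client_password, salt)
    client_s = pow((B - k * pow(g, x, N)) % N, a + u * x, N)
    # Server: S = (A * v^u)^b; equal to the client's value iff x matches the verifier
    server_s = pow((A * pow(verifier, u, N)) % N, b, N)
    return client_s, server_s

if __name__ == "__main__":
    salt = secrets.token_bytes(16)  # constructed sample salt
    v = make_verifier("alice", "correct horse", salt)
    print(srp_exchange("alice", "correct horse", salt, v)[0] ==
          srp_exchange("alice", "correct horse", salt, v)[1])
```

In TLS-SRP the two premaster secrets feed the normal key derivation, so a password mismatch surfaces as a failed Finished check rather than a usable connection.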
