[Standards] C2C TLS

Jonathan Schleifer js-xmpp-standards at webkeks.org
Tue Nov 25 08:32:12 CST 2008


Am 25.11.2008 um 14:41 schrieb Dave Cridland:

> If Gajim, for example, negotiates and end-to-end XML stream  
> (XEP-0246), and then negotiates TLS on top of that (RFC 3920), then  
> that's most of the heavyweight aspects actually deployed - hardly  
> nothing. Jingle itself is also well deployed.

Jingle still isn't in Gajim, it's a branch.

That's one of the things I criticized most about C2C TLS: The need for  
Jingle as a transport. It would be far better to have another  
transport that works in-band and is easy to implement, IMO. If we  
could drop the dependency to Jingle and have something like SAS, I'd  
have no problem with it at all :). (Well, key generation sucks, but  
it's only at the first start of the client, anyway, so that advantage  
of ESessions isn't too big.)

> The bit that's missing is the XEP-0247 negotiation, basically.

Hmm, that makes me wonder why no client has implemented it yet.

> No, lots has changed in the past six months - that timeframe  
> includes the publication of the XEPs you appear not to have noticed.

Ok, point taken, they have been released as XEPs, but honestly: Did  
that change anything to the current situation? I don't think so.

> Everything appears dead before it's used, so this is just fear  
> mongering. ESessions, too, was dead. Still is, arguably, since only  
> the one implementation exists, and there's no sign of another on the  
> way.

Well, there are no other implementations anyway because all devs of  
other clients refused. Brandan Taylor offered to port his  
implementation to C and make it a library, which would make it easy to  
integreate it into other clients. Maybe even easier than C2C TLS.

> No, I've clearly stated that we have a heck of a lot more, in some  
> respects, in XTLS than ESessions, most especially in the foundation  
> cryptographic layers.

One working ESessions client vs. no client at all that has a complete  
C2C negotiation, that is.

--
Jonathan

-------------- next part --------------
A non-text attachment was scrubbed...
Name: PGP.sig
Type: application/pgp-signature
Size: 801 bytes
Desc: This is a digitally signed message part
Url : http://mail.jabber.org/pipermail/standards/attachments/20081125/13f7ec99/attachment.pgp 


More information about the Standards mailing list