[JDEV] Security in XMPP/Jabber: some questions

Robert Norris rob at cataclysm.cx
Sun May 25 19:33:09 CDT 2003


> if we take a closer look about SASL there's kerberos, tsl - that is
> the ietf version of netscape's ssl ver 3 , GSSAPI - i've to admit that
> i didnt understand this mechanism much , s/key and external mechanisms
> of authentication... and my question is, why not a simple
> authentication using the pki and based on certification authorities?

Mostly because it requires a PKI, which not everyone has easy access to.
Of course, this kind of thing is still possible - TLS + certificatie
authentication + SASL EXTERNAL will do the job just nicely.

We cater to all worlds if we use both TLS and SASL.

Rob.

-- 
Robert Norris                                       GPG: 1024D/FC18E6C2
Email+Jabber: rob at cataclysm.cx                Web: http://cataclysm.cx/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://mail.jabber.org/pipermail/jdev/attachments/20030526/64fbfa1b/attachment-0002.pgp>


More information about the JDev mailing list