[Security] XTLS

Justin Karneges justin at affinix.com
Fri Mar 16 18:06:23 CDT 2007


On Friday 16 March 2007 3:25 pm, Peter Saint-Andre wrote:
> In the XMPP Council meeting held earlier this week, Council member Chris
> Mullins said:
>
> [13:52:55] <Chris Mullins> xTLS scares me to death.
> [13:53:11] <Chris Mullins> I do NOT want to implement that, nor deal
> with the implications of implementing it.
>
> Chris, do you care to elaborate?
>
> It might be helpful to have a stub document that shows what XTLS would
> look like. I'll try to put something together soon, if only for my own
> understanding.

First, what do you mean by XTLS?  If you mean you want to define a TLS 
variant, in the same way that was done with DTLS, then yes that is a scary 
notion (although it is probably no more scary than ESessions).

If by XTLS you mean you want to define a usage of TLS (e.g. base64 encoding 
segments of a TLS stream), then that shouldn't be scary at all.

-Justin


More information about the Security mailing list