[Security] XTLS

Peter Saint-Andre stpeter at jabber.org
Fri Mar 16 22:17:00 CDT 2007


Justin Karneges wrote:
> On Friday 16 March 2007 3:25 pm, Peter Saint-Andre wrote:
>> In the XMPP Council meeting held earlier this week, Council member Chris
>> Mullins said:
>>
>> [13:52:55] <Chris Mullins> xTLS scares me to death.
>> [13:53:11] <Chris Mullins> I do NOT want to implement that, nor deal
>> with the implications of implementing it.
>>
>> Chris, do you care to elaborate?
>>
>> It might be helpful to have a stub document that shows what XTLS would
>> look like. I'll try to put something together soon, if only for my own
>> understanding.
> 
> First, what do you mean by XTLS?  If you mean you want to define a TLS 
> variant, in the same way that was done with DTLS, then yes that is a scary 
> notion (although it is probably no more scary than ESessions).

My initial understanding of the suggestion was to map all the TLS 
primitives to XMPP syntax. That was a misunderstanding.

> If by XTLS you mean you want to define a usage of TLS (e.g. base64 encoding 
> segments of a TLS stream), then that shouldn't be scary at all.

Sure we'd have things like:

<iq>
   <xtls xmlns='urn:xmpp:xtls'>base64</xtls>
</iq>

The TLS stuff would all be base64-encoded, just hand it off to OpenSSL 
and you're done. Sort of. :) We'd need to bubble the results up to the 
XMPP application layer so the client knows when the negotiation is done. 
And I'm sure there are subtleties. But that is the basic idea AFAICS.

Peter

-- 
Peter Saint-Andre
XMPP Standards Foundation
http://www.xmpp.org/xsf/people/stpeter.shtml
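
The idea sketched in the message above (base64-encoded TLS bytes inside an `<xtls/>` child of an `<iq/>`, with the handshake state reported to the application), as an added example that is not part of the original message or of any XMPP specification. It uses Python's `ssl.MemoryBIO` so OpenSSL never touches a socket; the `type` and `id` attributes, the size cap, the peer name and the helper names are assumptions.

```python
import base64
import ssl
import xml.etree.ElementTree as ET
from xml.sax.saxutils import quoteattr

XTLS_NS = "urn:xmpp:xtls"   # namespace from the message above
MAX_B64 = 88 * 1024         # assumed cap on encoded payload size per stanza

def wrap(tls_bytes: bytes, stanza_id: str) -> str:
    """Carry raw TLS bytes in an <iq/>; the type and id attributes are assumed."""
    b64 = base64.b64encode(tls_bytes).decode("ascii")
    return (f"<iq type='set' id={quoteattr(stanza_id)}>"
            f"<xtls xmlns='{XTLS_NS}'>{b64}</xtls></iq>")

def unwrap(stanza: str) -> bytes:
    """Return the TLS bytes from a stanza, rejecting anything malformed."""
    if "<!DOCTYPE" in stanza:
        raise ValueError("DTD not allowed in a stanza")
    iq = ET.fromstring(stanza)
    xtls = iq.find(f"{{{XTLS_NS}}}xtls")
    if iq.tag != "iq" or xtls is None or len(xtls) or not xtls.text:
        raise ValueError("not an XTLS stanza")
    if len(xtls.text) > MAX_B64:
        raise ValueError("payload too large")
    return base64.b64decode(xtls.text, validate=True)  # strict alphabet check

class Endpoint:
    """Client side of the tunnel: OpenSSL sees memory buffers, not a socket."""

    def __init__(self, peer_name: str = "peer.example"):  # constructed name
        self.inbound, self.outbound = ssl.MemoryBIO(), ssl.MemoryBIO()
        self.tls = ssl.create_default_context().wrap_bio(
            self.inbound, self.outbound, server_hostname=peer_name)

    def step(self, received: bytes = b""):
        """Feed peer bytes to OpenSSL; return (negotiation_done, bytes_to_send)."""
        if received:
            self.inbound.write(received)
        try:
            self.tls.do_handshake()
            done = True
        except ssl.SSLWantReadError:
            done = False  # handshake still waiting on the peer
        return done, self.outbound.read()

if __name__ == "__main__":
    done, hello = Endpoint().step()
    print(done, wrap(hello, "xtls1")[:72] + "...")
```

Each stanza received from the peer would be passed through `unwrap()` and then `step()`; the `done` flag is what gets bubbled up to the XMPP layer.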
