[Security] XTLS
Justin Karneges
justin at affinix.com
Sat Mar 17 02:14:59 CDT 2007
On Friday 16 March 2007 8:17 pm, Peter Saint-Andre wrote:
> Justin Karneges wrote:
> > If by XTLS you mean you want to define a usage of TLS (e.g. base64
> > encoding segments of a TLS stream), then that shouldn't be scary at all.
>
> Sure we'd have things like:
>
> <iq>
> <xtls xmlns='urn:xmpp:xtls'>base64</xtls>
> </iq>
>
> The TLS stuff would all be base64-encoded, just hand it off to OpenSSL
> and you're done. Sort of. :) We'd need to bubble the results up to the
> XMPP application layer so the client knows when the negotiation is done.
> And I'm sure there are subtleties. But that is the basic idea AFAICS.
I think you're done. :) Running TLS over an IBB (or similar) stream is not
any different from running TLS over TCP, provided you don't have to fight
your TLS library very much. The client knows when the TLS negotiation is
completed because the TLS library says so.
If we went this route, I'd suggest simply starting an XML stream over the TLS
channel, and using that for stanza exchange. Voila, e2e.
-Justin
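As an added illustration (not code from this thread), here is the "hand it off to the TLS library" side in Go: a net.Conn adapter that carries the raw TLS byte stream as base64 inside the `<xtls xmlns='urn:xmpp:xtls'/>` elements Peter sketched, one element per line, so crypto/tls can drive it exactly as it would a TCP connection. The element name and namespace are from the thread; the one-element-per-line framing, the names frame, xtlsConn and roundTrip, and a plain byte stream standing in for IBB are assumptions of this example.

```go
package main
import (
	"bufio"
	"encoding/base64"
	"errors"
	"io"
	"net"
	"strings"
)
const openTag, closeTag = "<xtls xmlns='urn:xmpp:xtls'>", "</xtls>"
// frame wraps one segment of the raw TLS byte stream in a single-line <xtls/> element.
func frame(p []byte) string { return openTag + base64.StdEncoding.EncodeToString(p) + closeTag + "\n" }
// xtlsConn is a net.Conn whose bytes travel as <xtls/> elements over any byte stream
// (an IBB stream, in XMPP), so tls.Client and tls.Server can drive it without changes.
type xtlsConn struct {
	net.Conn
	r   *bufio.Reader
	buf []byte // decoded bytes the TLS library has not consumed yet
}
func (x *xtlsConn) Write(p []byte) (int, error) {
	_, err := io.WriteString(x.Conn, frame(p))
	return len(p), err
}
// Read hands back decoded bytes in whatever size the caller asks for (element boundaries need
// not match TLS record boundaries) and rejects any line that is not an <xtls/> element.
func (x *xtlsConn) Read(p []byte) (int, error) {
	for len(x.buf) == 0 {
		line, err := x.r.ReadString('\n')
		if err != nil {
			return 0, err
		}
		if !strings.HasPrefix(line, openTag) || !strings.HasSuffix(line, closeTag+"\n") {
			return 0, errors.New("xtls: not an xtls element: " + strings.TrimSpace(line))
		}
		if x.buf, err = base64.StdEncoding.DecodeString(line[len(openTag) : len(line)-len(closeTag)-1]); err != nil {
			return 0, err
		}
	}
	n := copy(p, x.buf)
	x.buf = x.buf[n:]
	return n, nil
}
// roundTrip frames the segments as a sender would, then reassembles the stream from the wire text.
func roundTrip(segments []string) (wire, stream string, err error) {
	for _, s := range segments {
		wire += frame([]byte(s))
	}
	data, err := io.ReadAll(&xtlsConn{r: bufio.NewReader(strings.NewReader(wire))})
	return wire, string(data), err
}
```

With a real transport, `tls.Client(&xtlsConn{Conn: c, r: bufio.NewReader(c)}, cfg)` is all the TLS layer needs, and the handshake is finished exactly when its Handshake call returns without error.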