[Security] XTLS

Justin Karneges justin at affinix.com
Sat Mar 17 02:14:59 CDT 2007


On Friday 16 March 2007 8:17 pm, Peter Saint-Andre wrote:
> Justin Karneges wrote:
> > If by XTLS you mean you want to define a usage of TLS (e.g. base64
> > encoding segments of a TLS stream), then that shouldn't be scary at all.
>
> Sure we'd have things like:
>
> <iq>
>    <xtls xmlns='urn:xmpp:xtls'>base64</xtls>
> </iq>
>
> The TLS stuff would all be base64-encoded, just hand it off to OpenSSL
> and you're done. Sort of. :) We'd need to bubble the results up to the
> XMPP application layer so the client knows when the negotiation is done.
> And I'm sure there are subtleties. But that is the basic idea AFAICS.

I think you're done. :)  Running TLS over an IBB (or similar) stream is not 
any different from running TLS over TCP, provided you don't have to fight 
your TLS library very much.  The client knows when the TLS negotiation is 
completed because the TLS library says so.

If we went this route, I'd suggest simply starting an XML stream over the TLS 
channel, and using that for stanza exchange.  Voila, e2e.

-Justin
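As an added illustration of the exchange above (this is not code from the thread, the Security list, or any XMPP project): a Go program that links a crypto/tls client and server, in place of OpenSSL, through nothing but <iq><xtls xmlns='urn:xmpp:xtls'>base64</xtls></iq> stanzas, then opens an XML stream through the resulting tunnel. Assumptions made here: the urn:xmpp:xtls namespace is the thread's sketch and not a published XEP; the JIDs, the hostname juliet.example, the throwaway self-signed certificate, and the buffered Go channels standing in for an IBB stream are all constructed for the example. What it shows is the point made above: the TLS library owns everything cryptographic, the stanza transport only base64-wraps what it is handed, and the application learns that negotiation finished because Handshake() returns without error.

```go
package main
import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"encoding/base64"
	"encoding/pem"
	"encoding/xml"
	"fmt"
	"io"
	"math/big"
	"net"
	"time"
)

const clientStreamOpen = `<stream:stream xmlns='jabber:client' xmlns:stream='http://etherx.jabber.org/streams' from='romeo@example' to='juliet@example' version='1.0'>` // header the client sends once TLS is up (JIDs made up)
const serverStreamOpen = `<stream:stream xmlns='jabber:client' xmlns:stream='http://etherx.jabber.org/streams' from='juliet@example' to='romeo@example' version='1.0'>` // and the server's answering header
// iqStanza is the thread's sketched <iq><xtls xmlns='urn:xmpp:xtls'>base64</xtls></iq> wrapper; that namespace is the sketch, not a published XEP.
type iqStanza struct {
	XMLName xml.Name `xml:"iq"`
	Data    string   `xml:"urn:xmpp:xtls xtls"`
}
// stanzaConn is the net.Conn that crypto/tls drives: Write wraps one TLS segment into a stanza, Read unwraps the next. Nothing cryptographic lives here.
type stanzaConn struct {
	out     chan<- string // stanzas we send
	in      <-chan string // stanzas addressed to us
	pending []byte        // decoded bytes the reader has not consumed yet
}
func (c *stanzaConn) Write(b []byte) (int, error) {
	raw, err := xml.Marshal(iqStanza{Data: base64.StdEncoding.EncodeToString(b)})
	if err != nil {
		return 0, err
	}
	c.out <- string(raw)
	return len(b), nil
}
func (c *stanzaConn) Read(b []byte) (int, error) {
	for len(c.pending) == 0 {
		raw, ok := <-c.in
		if !ok {
			return 0, io.EOF // the peer closed its side of the stream
		}
		var st iqStanza
		err := xml.Unmarshal([]byte(raw), &st)
		if err == nil {
			c.pending, err = base64.StdEncoding.DecodeString(st.Data)
		}
		if err != nil {
			return 0, err
		}
	}
	n := copy(b, c.pending)
	c.pending = c.pending[n:]
	return n, nil
}
func (c *stanzaConn) Close() error                    { close(c.out); return nil }
func (c *stanzaConn) LocalAddr() net.Addr              { return nil }
func (c *stanzaConn) RemoteAddr() net.Addr             { return nil }
func (c *stanzaConn) SetDeadline(time.Time) error      { return nil }
func (c *stanzaConn) SetReadDeadline(time.Time) error  { return nil }
func (c *stanzaConn) SetWriteDeadline(time.Time) error { return nil }
// selfSignedCert mints a throwaway server certificate and a pool trusting exactly it, so the client verifies properly; it panics if key generation fails.
func selfSignedCert(host string) (tls.Certificate, *x509.CertPool) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), DNSNames: []string{host}, NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	if err != nil {
		panic(err)
	}
	pool := x509.NewCertPool()
	pool.AppendCertsFromPEM(pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}))
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: priv}, pool
}
// speak is one peer's whole session: negotiate, send our stream header, read the other side's.
func speak(c *tls.Conn, header string) (string, error) {
	defer c.Close()
	if err := c.Handshake(); err != nil { // the library's word that negotiation finished (or failed)
		return "", err
	}
	if _, err := c.Write([]byte(header)); err != nil {
		return "", err
	}
	buf := make([]byte, 4096)
	n, err := c.Read(buf)
	return string(buf[:n]), err
}
// runXTLS links a TLS client and server through nothing but two stanza channels and returns the server's stream header as the client received it through the tunnel.
func runXTLS() (string, error) {
	cert, pool := selfSignedCert("juliet.example")
	c2s, s2c := make(chan string, 64), make(chan string, 64) // buffered so neither peer stalls mid-flight
	srv := tls.Server(&stanzaConn{in: c2s, out: s2c}, &tls.Config{Certificates: []tls.Certificate{cert}, MinVersion: tls.VersionTLS12})
	cli := tls.Client(&stanzaConn{in: s2c, out: c2s}, &tls.Config{RootCAs: pool, ServerName: "juliet.example", MinVersion: tls.VersionTLS12})
	go speak(srv, serverStreamOpen) // the server peer; a failure there surfaces as a client-side error
	return speak(cli, clientStreamOpen)
}
func main() { fmt.Println(runXTLS()) }
```

Run with go run; it prints the server's stream header as the client received it, which can only happen after the handshake and the certificate check succeeded. The client verifies the server against a pool holding exactly the generated certificate rather than disabling verification; a real e2e deployment would substitute whatever trust it actually has in the peer's key. The stanza layer never looks inside what it carries, so whether the segments travel over IBB, a socket, or the two channels used here makes no difference to the TLS library.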

