AW: [Security] XTLS
Peter Saint-Andre
stpeter at jabber.org
Wed Mar 21 11:20:39 CDT 2007
Matthias Wimmer wrote:
> Alexander Gnauck schrieb:
>> I agree with Justin, it shold be be that hard to implement if your TLS
>> library gives you access to the stream.
>> But what about the certificates?
>
> You can do TLS with and without certificates. If you are doing it with
> them you can use certificates issued by a CA or with self-signed ones,
> you can even use PGP keys as certificates in TLS
> (draft-ietf-tls-openpgp-keys-11.txt). If you are using TLS without
> certificates you can do anonymous key exchange, use preshared keys for
> authentication or use the Secure Remote Password protocol for
> authentication.
>
> So I don't think that certificates are a problem ...
Yes. There are TLS cipher-suites that don't require PKI (self-signed or
whatever), so we could use those.
Peter
--
Peter Saint-Andre
XMPP Standards Foundation
http://www.xmpp.org/xsf/people/stpeter.shtml
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 7358 bytes
Desc: S/MIME Cryptographic Signature
Url : http://mail.jabber.org/pipermail/security/attachments/20070321/0545b24d/smime.bin
More information about the Security
mailing list