AW: [Security] XTLS

Peter Saint-Andre stpeter at
Wed Mar 21 11:20:39 CDT 2007

Matthias Wimmer wrote:
> Alexander Gnauck schrieb:
>> I agree with Justin, it shold be be that hard to implement if your TLS
>> library gives you access to the stream.
>> But what about the certificates?
> You can do TLS with and without certificates. If you are doing it with
> them you can use certificates issued by a CA or with self-signed ones,
> you can even use PGP keys as certificates in TLS
> (draft-ietf-tls-openpgp-keys-11.txt). If you are using TLS without
> certificates you can do anonymous key exchange, use preshared keys for
> authentication or use the Secure Remote Password protocol for
> authentication.
> So I don't think that certificates are a problem ...

Yes. There are TLS cipher-suites that don't require PKI (self-signed or 
whatever), so we could use those.


Peter Saint-Andre
XMPP Standards Foundation

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 7358 bytes
Desc: S/MIME Cryptographic Signature
Url :

More information about the Security mailing list