Re: [Security] XTLS

Peter Saint-Andre stpeter at jabber.org
Wed Mar 21 11:20:39 CDT 2007


Matthias Wimmer wrote:
> Alexander Gnauck wrote:
>> I agree with Justin, it should be be that hard to implement if your TLS
>> library gives you access to the stream.
>> But what about the certificates?
> 
> You can do TLS with and without certificates. If you are doing it with
> them you can use certificates issued by a CA or with self-signed ones,
> you can even use PGP keys as certificates in TLS
> (draft-ietf-tls-openpgp-keys-11.txt). If you are using TLS without
> certificates you can do anonymous key exchange, use preshared keys for
> authentication or use the Secure Remote Password protocol for
> authentication.
> 
> So I don't think that certificates are a problem ...

Yes. There are TLS cipher-suites that don't require PKI (self-signed or 
whatever), so we could use those.

Peter

-- 
Peter Saint-Andre
XMPP Standards Foundation
http://www.xmpp.org/xsf/people/stpeter.shtml
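
Added example, not part of the original thread: a small classifier that reads TLS 1.0-1.2 cipher-suite names and separates the anonymous, PSK and SRP suites mentioned above from those that need a certificate. The function names and the sample list are constructed for illustration; note that anonymous suites avoid PKI only by giving up peer authentication.

```python
import re

# Key exchange / authentication is the part between "TLS_" and "_WITH_"
# in TLS 1.0-1.2 suite names (TLS 1.3 names carry no such part).
_SUITE = re.compile(r"^TLS_([A-Za-z0-9_]+?)_WITH_.+$")

def classify(suite):
    """Return (auth_method, needs_certificate) for one suite name."""
    m = _SUITE.match(suite)
    if m is None:
        raise ValueError("not a TLS 1.0-1.2 style suite name: %r" % suite)
    kx = m.group(1).split("_")
    if "anon" in kx or "NULL" in kx:
        return ("none", False)            # no peer authentication at all
    if "KRB5" in kx:
        return ("kerberos", False)
    if "SRP" in kx:
        # SRP_SHA is password-only; SRP_SHA_RSA / SRP_SHA_DSS add a server cert
        cert = "RSA" in kx or "DSS" in kx
        return ("srp+certificate" if cert else "srp", cert)
    if "PSK" in kx:
        # PSK, DHE_PSK, ECDHE_PSK use the shared key only; RSA_PSK adds a cert
        cert = "RSA" in kx
        return ("psk+certificate" if cert else "psk", cert)
    return ("certificate", True)

def authenticated_without_pki(suites):
    """Suites that need no certificate yet still authenticate the peer."""
    keep = []
    for s in suites:
        auth, cert = classify(s)
        if not cert and auth != "none":
            keep.append(s)
    return keep

# Constructed sample list of registered suite names
SAMPLE = [
    "TLS_RSA_WITH_AES_128_CBC_SHA",
    "TLS_DH_anon_WITH_AES_128_CBC_SHA",
    "TLS_PSK_WITH_AES_128_CBC_SHA",
    "TLS_RSA_PSK_WITH_AES_128_CBC_SHA",
    "TLS_SRP_SHA_WITH_AES_128_CBC_SHA",
    "TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA",
]

if __name__ == "__main__":
    for s in SAMPLE:
        print("%-40s %s" % (s, classify(s)))
    print(authenticated_without_pki(SAMPLE))
```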
