stpeter at jabber.org
Wed Mar 21 11:34:46 CDT 2007
Justin Karneges wrote:
> On Friday 16 March 2007 8:17 pm, Peter Saint-Andre wrote:
>> Justin Karneges wrote:
>>> If by XTLS you mean you want to define a usage of TLS (e.g. base64
>>> encoding segments of a TLS stream), then that shouldn't be scary at all.
>> Sure we'd have things like:
>> <xtls xmlns='urn:xmpp:xtls'>base64</xtls>
>> The TLS stuff would all be base64-encoded, just hand it off to OpenSSL
>> and you're done. Sort of. :) We'd need to bubble the results up to the
>> XMPP application layer so the client knows when the negotiation is done.
>> And I'm sure there are subtleties. But that is the basic idea AFAICS.
> I think you're done. :) Running TLS over an IBB (or similar) stream is not
> any different from running TLS over TCP, provided you don't have to fight
> your TLS library very much. The client knows when the TLS negotiation is
> completed because the TLS library says so.
I don't know if we need IBB for that; why not put it in a dedicated
namespace? IBB is general, xtls is more specific.
> If we went this route, I'd suggest simply starting an XML stream over the TLS
> channel, and using that for stanza exchange. Voila, e2e.
What exactly is the TLS channel? My understanding is that you'd exchange
these <message><xtls>base64</xtls></message> stanzas to do the
negotiation and then you'd have a TLS channel over XMPP, so all your
comms with the other person would now be included in those <xtls/>
elements. But probably I'm missing something -- would we use <xtls/>
only for the negotiation? If so, then what?
XMPP Standards Foundation
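The mechanism the thread sketches (TLS bytes base64-encoded inside <xtls/> elements, with the TLS library itself reporting when the handshake is done), worked through as an added Go example that is not from this list or any XSF specification. The element form is the one quoted above; the XTLSConn adapter and RunXTLS are my own construction, and the self-signed certificate with peer verification disabled is a demo shortcut that leaves the identity-binding question the thread raises untouched.

```go
package main
import (
	"crypto/ecdsa"; "crypto/elliptic"; "crypto/rand"; "crypto/tls"; "crypto/x509"
	"encoding/base64"; "io"; "math/big"; "net"; "strings"; "time"
)

const xtlsOpen, xtlsClose = "<xtls xmlns='urn:xmpp:xtls'>", "</xtls>" // element form quoted in the thread

// WrapXTLS base64-encodes a chunk of the TLS byte stream into one <xtls/> element.
func WrapXTLS(tlsBytes []byte) string {
	return xtlsOpen + base64.StdEncoding.EncodeToString(tlsBytes) + xtlsClose
}

// XTLSConn (assumed adapter) shows the TLS library a net.Conn whose bytes actually travel as <xtls/>
// stanzas, so the library never sees XMPP. The embedded net.Conn stays nil: only Read/Write/Close run.
type XTLSConn struct {
	net.Conn
	In  <-chan string // stanzas received from the peer
	Out chan<- string // stanzas handed to the XMPP layer for delivery
	buf []byte        // decoded TLS bytes the library has not consumed yet
}

func (c *XTLSConn) Read(p []byte) (n int, err error) {
	for len(c.buf) == 0 { // refill from the next stanza; EOF once the peer closes
		s, ok := <-c.In
		if !ok { return 0, io.EOF }
		body := strings.TrimSuffix(strings.TrimPrefix(s, xtlsOpen), xtlsClose)
		if c.buf, err = base64.StdEncoding.DecodeString(body); err != nil { return 0, err }
	}
	n = copy(p, c.buf)
	c.buf = c.buf[n:]
	return n, nil
}
func (c *XTLSConn) Write(p []byte) (int, error) { c.Out <- WrapXTLS(p); return len(p), nil }
func (c *XTLSConn) Close() error                { close(c.Out); return nil }

// RunXTLS handshakes a client and a server whose only link is <xtls/> stanzas, sends msg end-to-end
// and returns what the server decrypted. Self-signed cert and no peer verification: transport only.
func RunXTLS(msg string) (string, error) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil { return "", err }
	c2s, s2c := make(chan string, 64), make(chan string, 64) // buffered: stanzas queue up in transit
	client := tls.Client(&XTLSConn{In: s2c, Out: c2s}, &tls.Config{InsecureSkipVerify: true})
	server := tls.Server(&XTLSConn{In: c2s, Out: s2c}, &tls.Config{Certificates: []tls.Certificate{{Certificate: [][]byte{der}, PrivateKey: key}}})
	buf, done := make([]byte, 256), make(chan error, 1)
	go func() { e := client.Handshake(); if e == nil { _, e = client.Write([]byte(msg)) }; done <- e }()
	n, err := server.Read(buf) // the server's first Read drives its side of the handshake, then yields app data
	if err == nil { err = <-done } // the client side's own verdict: "the TLS library says so"
	return string(buf[:n]), err
}
```

Every stanza that crosses the channels here is what would be carried inside a <message/>; the XMPP layer only ever moves opaque base64 and learns that the session is up when Handshake returns.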