[Security] TLS Certificates Verification
js-xmpp-security at webkeks.org
Tue Aug 19 08:08:16 CDT 2008
On 19.08.2008 at 14:13, Eric Rescorla wrote:
> Yes, I've noticed we're all using that.
We do. For example, all Gajim users do by default. This is why I'm
*STRONGLY* against introducing yet another protocol. We already have
> Hmm... Is this the most recent version?
> I've just skimmed it, but the list of things it appears to be missing
> that are already in TLS includes:
> - Support for ECC
> - Support for RSA
> - Any form of session resumption
> - An extensions framework
> - Support for AEAD ciphers
> - A PAKE mode.
> Oh, yeah, is there some writeup of how the stanzas are actually
> protected once you've established the keys? I see how you negotiate
> the *encryption* algorithm but not the integrity algorithm and I don't
> see how you use either to protect the actual traffic. Maybe I'm just
> reading the wrong document.
This is just the negotiation. ESessions consists of multiple XEPs. I
don't know which of the negotiation XEPs was the simplified one. But
IIRC, there was RSA support for public keys (but I won't guarantee it).
> Look, I'm not trying to sell TLS to XMPP; it doesn't matter to me much
> what XMPP does. But if you want to provide a solution that users will
> actually find tolerable, it seems to me that it would be good to
> assess what functionality you want the system to provide and *then*
> ask how it can best be provided, rather than starting with a given
> protocol and say "prove to me it's not good enough".
IMO, ESessions is already tolerable. We should fix the remaining
issues instead of inventing the wheel again with yet another protocol.
And while TLS for end-to-end is talk about the future, ESessions is
already here and implemented.