[Security] TLS Certificates Verification
js-xmpp-security at webkeks.org
Tue Aug 19 08:16:43 CDT 2008
On 19.08.2008 at 14:20, Eric Rescorla wrote:
> And of course, this library will be totally perfect, not need any
It's a *huge* difference if someone who doesn't have an idea about
crypto tries to implement it using OpenSSL in some Jabber client or if
they use a library that is ready to use, written by some people who
know much about cryptography. It's like you tell a database programmer
who never did anything with graphics to write a 3D engine.
> I'm certainly sensitive to the complaint that libraries like OpenSSL give
> the programmer too much freedom, but that seems to me to be primarily an
> issue of providing an appropriate wrapper API. I don't see that that
> motivates designing an entirely new protocol which must then be maintained,
> and also requires a new that must itself be maintained. This has proven to
> be a significant amount of work for all the COMSEC protocols of which I am
> aware, and given that XSF's expertise isn't primarily in COMSEC, I don't see
> any reason to expect that its experience would be different.
Sure, we could have something like libxmpptls.