[Security] TLS Certificates Verification
js-xmpp-security at webkeks.org
Tue Aug 19 15:51:37 CDT 2008
Jonathan Dickinson <jonathanD at k2.com> wrote:
> (compared to making
> a new standard which would have no implementations).
ESessions *HAS* implementations! That's the point I bring up again and
again against reinventing the wheel and doing something with TLS now!
> <encrypted from="joe at foo.org" to="mary at foo.org">
Now you're even talk about breaking XMPP Core compatibility?
And libotr can't handle arbitrary data, just messages. For which it
will add HTML escapes if it's plaintext.
> Add <e2e2/> tag to iq query.
> Recognise <e2e2/> tag and begin e2e2 negotiation.
> No changes made.
> No changes to code made, new <e2e2/> tag simply ignored if
> present. Negotate e2e as normal. Receiver-Unsupported
> Originator-Supported When first IQ response it aquired,
> <e2e2>...</e2e2> tag is not present. Continue e2e negotiation.
libotr uses whitespaces to detect support. It's hardcoded.
> As you can see it kinda works the kinks out itself.
Doesn't look like that to me.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 801 bytes
Desc: not available
Url : http://mail.jabber.org/pipermail/security/attachments/20080819/518fc7cd/attachment.pgp
More information about the Security