[Security] TLS Certificates Verification

Jonathan Schleifer js-xmpp-security at webkeks.org
Tue Aug 19 15:51:37 CDT 2008


Jonathan Dickinson <jonathanD at k2.com> wrote:

> (compared to making
> a new standard which would have no implementations).

ESessions *HAS* implementations! That's the point I bring up again and
again against reinventing the wheel and doing something with TLS now!

> <encrypted from="joe at foo.org" to="mary at foo.org">
>  192376123abd078f123aasdjib123khnasd0u123==
> </encrypted>

Now you're even talk about breaking XMPP Core compatibility?
And libotr can't handle arbitrary data, just messages. For which it
will add HTML escapes if it's plaintext.
 
> Originator-Supported
>       Add <e2e2/> tag to iq query.
> Receiver-Supported
>       Recognise <e2e2/> tag and begin e2e2 negotiation.
> Originator-Unsupported
>       No changes made.
> Receiver-Unsupported
>       No changes to code made, new <e2e2/> tag simply ignored if
> present. Negotate e2e as normal. Receiver-Unsupported
> Originator-Supported When first IQ response it aquired,
> <e2e2>...</e2e2> tag is not present. Continue e2e negotiation.

libotr uses whitespaces to detect support. It's hardcoded.


> As you can see it kinda works the kinks out itself.

Doesn't look like that to me.

-- 
Jonathan
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: not available
Url : http://mail.jabber.org/pipermail/security/attachments/20080819/518fc7cd/attachment.pgp 


More information about the Security mailing list