[Security] TLS Certificates Verification
stpeter at stpeter.im
Tue Aug 19 15:57:08 CDT 2008
Jonathan Schleifer wrote:
> Jonathan Dickinson <jonathanD at k2.com> wrote:
>> (compared to making
>> a new standard which would have no implementations).
> ESessions *HAS* implementations! That's the point I bring up again and
> again against reinventing the wheel and doing something with TLS now!
ESessions has one implementation. As far as I know, we cannot use the
plural "implementations" w.r.t. ESessions.
>> <encrypted from="joe at foo.org" to="mary at foo.org">
> Now you're even talk about breaking XMPP Core compatibility?
> And libotr can't handle arbitrary data, just messages. For which it
> will add HTML escapes if it's plaintext.
>> Add <e2e2/> tag to iq query.
>> Recognise <e2e2/> tag and begin e2e2 negotiation.
>> No changes made.
>> No changes to code made, new <e2e2/> tag simply ignored if
>> present. Negotate e2e as normal. Receiver-Unsupported
>> Originator-Supported When first IQ response it aquired,
>> <e2e2>...</e2e2> tag is not present. Continue e2e negotiation.
> libotr uses whitespaces to detect support. It's hardcoded.
And other ugliness.
>> As you can see it kinda works the kinks out itself.
> Doesn't look like that to me.
As far as I can see, OTR doesn't meet the requirements specified in
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 7338 bytes
Desc: S/MIME Cryptographic Signature
Url : http://mail.jabber.org/pipermail/security/attachments/20080819/19d2d19c/attachment.bin
More information about the Security