[Security] TLS Certificates Verification
dmeyer at tzi.de
Tue Aug 19 16:02:27 CDT 2008
Jonathan Schleifer wrote:
> Jonathan Dickinson <jonathanD at k2.com> wrote:
>> (compared to making
>> a new standard which would have no implementations).
> ESessions *HAS* implementations! That's the point I bring up again
> and again against reinventing the wheel and doing something with TLS
One point is that we may also have serverless messaging. In that case
we already open a new stream and get TLS for free. The idea was to
have one way for both serverless and server based messaging.
> Now you're even talk about breaking XMPP Core compatibility?
He wrote that when we would update client-server communication. Let us
do that someday else. :) Right now we only need client to client
encryption. That does not involve any core changes.
> And libotr can't handle arbitrary data, just messages.
And out. I need iq stanzas to be encrypted, too. Everything else is
useless for me. In fact, 90% of the data I plan to send are iq
> For which it will add HTML escapes if it's plaintext.
And out again. The last 10% I will use for messages are more or less
just pubsub messages. HTML does not belong there. Yes, I plan to use
client to client pubsub.
And on the seventh day, He exited from append mode.
More information about the Security