[Security] TLS Certificates Verification

Dirk Meyer dmeyer at tzi.de
Tue Aug 19 16:10:15 CDT 2008


Jonathan Schleifer wrote:
> Peter Saint-Andre <stpeter at stpeter.im> wrote:
>
>> But then we realized we'd have more code reuse if we started an 
>> end-to-end stream and upgraded via STARTTLS:
>> 
>> http://www.xmpp.org/extensions/xep-0246.html
>
> I don't see a way to have multiple end to end streams at once? You are
> inside a <stream:stream> for the server connection, then you open
> another for end to end. So I can only have one e2e stream at once? Or
> did I get it wrong and this isn't <stream:stream> inside
> <stream:stream>, but a new connection, peer to peer? If so, this will
> give many problems.
> Sorry if I missed something, I'm tired and just had a quick look at it.

You open a stream from client to client. It could be based on In-band
bytestreams. Normally used for file transfer and stuff like that, we
use it to open a new stream. So you have one stream to the server and
one stream (maybe tunneled through the server) to the other
client. You can open as many streams to other clients as you want.


Dirk

-- 
A man generally has two reasons for doing a thing. One that sounds
good, and a real one.

