[Security] TLS Certificates Verification

Jonathan Schleifer js-xmpp-security at webkeks.org
Tue Aug 19 16:11:11 CDT 2008


Jonathan Dickinson <jonathanD at k2.com> wrote:

> ESessions is pretty swanky, I must admit. I must have missed the
> email about it somehow. Has it been reviewed at all? What protocol is
> it based on?

It's more or less OTR done properly. And XMPPish.

> But the protocol itself is still probably useful if it is made
> more formal.

OTR was the inspiration for ESessions, I guess. At least, they are very
similar.

> All that I am saying is that instead of coming up with our own
> protocols etc. we should be concentrating on how existing ones could
> be made to fit into the current XMPP standards.

ESessions already exists, so it's an existing one :P.

PS: Producing TOFU (http://en.wikipedia.org/wiki/TOFU) on a mailing
list isn't so nice :/

-- 
Jonathan
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: not available
Url : http://mail.jabber.org/pipermail/security/attachments/20080819/b4f267b4/attachment.pgp 


More information about the Security mailing list