[Security] TLS Certificates Verification
stpeter at stpeter.im
Tue Aug 19 16:39:26 CDT 2008
Jonathan Schleifer wrote:
> Dirk Meyer <dmeyer at tzi.de> wrote:
>> One point is that we may also have serverless messaging. In that case
>> we already open a new stream and get TLS for free. The idea was to
>> have one way for both serverless and server based messaging.
> Should be possible with ESessions. :)
> stpeter? Is it?
Sure. Negotiate your stream (as in XEP-0174) and then negotiate ESessions.
>> And out. I need iq stanzas to be encrypted, too. Everything else is
>> useless for me. In fact, 90% of the data I plan to send are iq
> Normally, you send more messages than IQs :P.
That depends on who "you" are. It might not be true of a web service
that sends SOAP over XMPP, or some other automated process.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 7338 bytes
Desc: S/MIME Cryptographic Signature
Url : http://mail.jabber.org/pipermail/security/attachments/20080819/ebbb639d/attachment-0001.bin
More information about the Security