[Security] TLS Certificates Verification

Peter Saint-Andre stpeter at stpeter.im
Tue Aug 19 16:39:26 CDT 2008


Jonathan Schleifer wrote:
> Dirk Meyer <dmeyer at tzi.de> wrote:
> 
>> One point is that we may also have serverless messaging. In that case
>> we already open a new stream and get TLS for free. The idea was to
>> have one way for both serverless and server based messaging.
> 
> Should be possible with ESessions. :)
> stpeter? Is it?

Sure. Negotiate your stream (as in XEP-0174) and then negotiate ESessions.

>> And out. I need iq stanzas to be encrypted, too. Everything else is
>> useless for me. In fact, 90% of the data I plan to send are iq
>> stanzas.
> 
> Normally, you send more messages than IQs :P.

That depends on who "you" are. It might not be true of a web service 
that sends SOAP over XMPP, or some other automated process.

/psa

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 7338 bytes
Desc: S/MIME Cryptographic Signature
Url : http://mail.jabber.org/pipermail/security/attachments/20080819/ebbb639d/attachment-0001.bin 


More information about the Security mailing list