[Security] TLS Certificates Verification
whateley at gmail.com
Tue Aug 19 19:24:15 CDT 2008
On Tue, Aug 19, 2008 at 05:13:10AM -0700, Eric Rescorla wrote:
> - Support for RSA
You can use an RSA or DSA public key for authentication.
> - Any form of session resumption
Not sure what you mean by this, but it may be covered by the Shared
> - An extensions framework
I'm not sure what kind of extensions you're thinking of, but I would
hope that XMPP and XEP-0155 session negotiation would already provide
most of the extensibility you'd want.
> Oh, yeah, is there some writeup of how the stanzas are actually protected once
> you've established the keys? I see how you negotiate the *encryption* algorithm
> but not the integrity algorithm and I don't see how you use either to protect
> the actual traffic. Maybe I'm just reading the wrong document.
That's in XEP-0200.
> But if you want to provide a solution that users will
> actually find tolerable, it seems to me that it would be good to actually
> assess what functionality you want the system to provide and *then*
> ask how it can best be provided, rather than starting with a given
> protocol and say "prove to me it's not good enough".
I think that's what XEP-0188 was written for (which ESessions was
specifically designed to satisfy).
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 197 bytes
Desc: not available
Url : http://mail.jabber.org/pipermail/security/attachments/20080819/35ae3ac5/attachment.pgp
More information about the Security