[Security] TLS Certificates Verification

Greg Hudson ghudson at MIT.EDU
Wed Aug 20 00:19:32 CDT 2008


On Tue, 2008-08-19 at 21:56 -0600, Peter Saint-Andre wrote:
> It does? Negotiate a reliable transport, start an XML stream, and 
> upgrade the stream to encrypted via STARTTLS, just like we currently do 
> for client-to-server streams. How is that enormously complex? Granted, 
> the reliable transport might not be raw TCP -- it might be a direct or 
> mediated bytestream (XEP-0065), an in-band bytestream (XEP-0047), or 
> some other reliable transport. But I don't see how that makes the 
> complexity enormous.

If existing TLS libraries can be used for XTLS, then my argument
collapses, since those same libraries are already used for channel
security.  I'm skeptical that it will work; perhaps a proof of concept
is in order.




More information about the Security mailing list