[Security] TLS Certificates Verification
stpeter at stpeter.im
Wed Aug 20 00:25:03 CDT 2008
Greg Hudson wrote:
> On Tue, 2008-08-19 at 21:56 -0600, Peter Saint-Andre wrote:
>> It does? Negotiate a reliable transport, start an XML stream, and
>> upgrade the stream to encrypted via STARTTLS, just like we currently do
>> for client-to-server streams. How is that enormously complex? Granted,
>> the reliable transport might not be raw TCP -- it might be a direct or
>> mediated bytestream (XEP-0065), an in-band bytestream (XEP-0047), or
>> some other reliable transport. But I don't see how that makes the
>> complexity enormous.
> If existing TLS libraries can be used for XTLS, then my argument
> collapses, since those same libraries are already used for channel
> security. I'm skeptical that it will work; perhaps a proof of concept
> is in order.
I'm all for that. Unfortunately I'm just about the worst coder in the
XMPP community, so I need to defer to others. I think Dirk Meyer has
been working on this, but I'm not sure how far he's gotten.