[Security] TLS Certificates Verification

Peter Saint-Andre stpeter at stpeter.im
Wed Aug 20 00:25:03 CDT 2008


Greg Hudson wrote:
> On Tue, 2008-08-19 at 21:56 -0600, Peter Saint-Andre wrote:
>> It does? Negotiate a reliable transport, start an XML stream, and 
>> upgrade the stream to encrypted via STARTTLS, just like we currently do 
>> for client-to-server streams. How is that enormously complex? Granted, 
>> the reliable transport might not be raw TCP -- it might be a direct or 
>> mediated bytestream (XEP-0065), an in-band bytestream (XEP-0047), or 
>> some other reliable transport. But I don't see how that makes the 
>> complexity enormous.
> 
> If existing TLS libraries can be used for XTLS, then my argument
> collapses, since those same libraries are already used for channel
> security.  I'm skeptical that it will work; perhaps a proof of concept
> is in order.

I'm all for that. Unfortunately I'm just about the worst coder in the 
XMPP community, so I need to defer to others. I think Dirk Meyer has 
been working on this, but I'm not sure how far he's gotten.

/psa