[Security] TLS Certificates Verification
jonathanD at k2.com
Wed Aug 20 00:25:24 CDT 2008
I could have a bash at it today. I do have a demo tonight, but if I find free time then I will do it.
> -----Original Message-----
> From: security-bounces at xmpp.org [mailto:security-bounces at xmpp.org] On
> Behalf Of Peter Saint-Andre
> Sent: Wednesday, August 20, 2008 7:25 AM
> To: XMPP Security
> Subject: Re: [Security] TLS Certificates Verification
> Greg Hudson wrote:
> > On Tue, 2008-08-19 at 21:56 -0600, Peter Saint-Andre wrote:
> >> It does? Negotiate a reliable transport, start an XML stream, and
> >> upgrade the stream to encrypted via STARTTLS, just like we currently
> >> do for client-to-server streams. How is that enormously complex?
> >> The reliable transport might not be raw TCP -- it might be a direct
> >> mediated bytestream (XEP-0065), an in-band bytestream (XEP-0047), or
> >> some other reliable transport. But I don't see how that makes the
> >> complexity enormous.
> > If existing TLS libraries can be used for XTLS, then my argument
> > collapses, since those same libraries are already used for channel
> > security. I'm skeptical that it will work; perhaps a proof of
> > is in order.
> I'm all for that. Unfortunately I'm just about the worst coder in the
> XMPP community, so I need to defer to others. I think Dirk Meyer has
> been working on this, but I'm not sure how far he's gotten.