[Security] TLS Certificates Verification

Jonathan Dickinson jonathanD at k2.com
Wed Aug 20 00:25:24 CDT 2008


I could have a bash at it today. I do have a demo tonight, but if I find free time then I will do it.


> -----Original Message-----
> From: security-bounces at xmpp.org [mailto:security-bounces at xmpp.org] On Behalf Of Peter Saint-Andre
> Sent: Wednesday, August 20, 2008 7:25 AM
> To: XMPP Security
> Subject: Re: [Security] TLS Certificates Verification
>
> Greg Hudson wrote:
> > On Tue, 2008-08-19 at 21:56 -0600, Peter Saint-Andre wrote:
> >> It does? Negotiate a reliable transport, start an XML stream, and
> >> upgrade the stream to encrypted via STARTTLS, just like we currently do
> >> for client-to-server streams. How is that enormously complex? Granted,
> >> the reliable transport might not be raw TCP -- it might be a direct or
> >> mediated bytestream (XEP-0065), an in-band bytestream (XEP-0047), or
> >> some other reliable transport. But I don't see how that makes the
> >> complexity enormous.
> >
> > If existing TLS libraries can be used for XTLS, then my argument
> > collapses, since those same libraries are already used for channel
> > security.  I'm skeptical that it will work; perhaps a proof of concept
> > is in order.
>
> I'm all for that. Unfortunately I'm just about the worst coder in the
> XMPP community, so I need to defer to others. I think Dirk Meyer has
> been working on this, but I'm not sure how far he's gotten.
>
> /psa

