[Security] TLS Certificates Verification
js-xmpp-security at webkeks.org
Wed Aug 20 09:15:32 CDT 2008
Am 19.08.2008 um 23:37 schrieb Peter Saint-Andre:
> It's not hacky, it's a clever hack:
> 1. Negotiate a reliable transport (could be a direct TCP connection,
> could be in-band bytestreams over XMPP, whatever).
> 2. Start an XML stream.
> 3. Upgrade the stream to encrypted using STARTTLS.
> You'll notice that this is exactly what we already do for XMPP as
> defined in RFC 3920. It's just that for end-to-end streams the
> transport might not be a direct TCP connection as in RFC 3920.
This is hacky as soon as we use it in-band, as that means we need to
escape it somehow, and that'll most likely be Base64.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 801 bytes
Desc: This is a digitally signed message part
Url : http://mail.jabber.org/pipermail/security/attachments/20080820/b2e6f584/attachment.pgp
More information about the Security