[Security] TLS Certificates Verification
stpeter at stpeter.im
Wed Aug 20 12:58:09 CDT 2008
Dave Cridland wrote:
> On Wed Aug 20 18:43:32 2008, Peter Saint-Andre wrote:
>> And that's not even to get into the Layer 8 issues of what the IETF
>> security mafia might find acceptable -- RFC 3921 requires support for
>> RFC 3923 and we need to substitute something reasonable for that ugly
>> ugly S/MIME stuff that no one has ever implemented and no one ever will.
> Hmmm... Now probably not a good time to mention that we probably *will*
> need to have a per-stanza signing (and possibly encrypting) spec in some
> cases, too. Luckily, these are all specialist cases, like signing pubsub
> items, MUC messages, etc. And, erm, security labelling. Because this is
> signature stuff, X.509 is basically our single weapon of choice here -
> we could do S/MIME, therefore, but even the people doing this stuff now
> aren't using S/MIME.
> FWIW, all the use cases I know of are not encrypted, just signed, at
> least for now - encrypted MUC or pubsub isn't on my radar.
Yes, I have heard of interest in signing pubsub notifications. MUC is
another story, but I think we'd want a separate thread for that!
> I'm vaguely hoping the W3C dsig stuff has ended up a bit more proven and
> working by the time we need this, though, so we again save ourselves
> from having to reinvent wheels.
/me signs up for w3c-ietf-xmldsig at w3.org