[Security] PGP (XEP-0027)

Dirk Meyer dmeyer at tzi.de
Mon Aug 3 08:42:13 CDT 2009


Peter Saint-Andre wrote:
> On 6/3/09 4:35 AM, Simon Josefsson wrote:
>> Time to restart this document, perhaps?
>> 
>> http://www.melnikov.ca/mel/Drafts/draft-burdis-cat-srp-sasl-07.txt
>> 
>> I would replace the security layer with a channel binding to TLS,
>> though.
>
> Interesting. It's 7 years old, but might be worth restarting.

It looks like the cyrus-sasl library already has support for it. If we
throw in some channel binding ideas (e.g. merge the certificate
fingerprints into the password) we could use SASL to verify the TLS
end-to-end characteristic.


Dirk

-- 
/* After several hours of tedious analysis, the following hash
 * function won.  Do not mess with it... -DaveM
 */
	2.2.16 /usr/src/linux/fs/buffer.c


More information about the Security mailing list