[Security] PGP (XEP-0027)

Jiří Zárevúcky zarevucky.jiri at gmail.com
Tue Jun 2 12:11:54 CDT 2009


2009/6/2 Stephen Paul Weber <singpolyma at singpolyma.net>:
> Somebody signing messages as Peter Saint-Andre wrote:
>> As I understood it, we were thinking that clients would generate a
>> simple key (not PGP) for use in session security. That key could be
>> signed with an OpenPGP key or X.509 cert if the user has such a beast,
>> but we would not introduce a dependency on OpenPGP or X.509.
>
> Instead you would introduce a dependency on some new key format of your
> invention? This does not seem to be a win.  The benefit of supporting
> OpenPGP and X.509 keys is the formats are already standardised, well
> understood and supported, and widely deployed.
>

The difference there would be that the custom keys could be very
simple to implement as part of an XMPP library. To support OpenPGP and
certificates you need external libraries (unless you want to implement
those beasts from scratch). Although, I'm not really into security, so
I probably can't understand all the implications of such an approach.

