[Security] PGP (XEP-0027)

Peter Saint-Andre stpeter at stpeter.im
Tue Jun 2 15:01:59 CDT 2009


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 6/2/09 1:56 PM, Dave Cridland wrote:
> On Tue Jun  2 18:56:35 2009, Jonathan Schleifer wrote:
>> What if DSA gets completely broken someday? Then we're screwed. And if
>> we want to be algorithm-independant, we need to implement something
>> very similar to OpenPGP anyway.
> 
> Or TLS.
> 
> Which, incidentally, can use PGP keys.

AFAIK only GnuTLS has (experimental) support for RFC 5081 (which is
itself experimental):

http://tools.ietf.org/html/rfc5081

> But in any case, I don't think the crypto is actually the tricky bit
> with single-message stuff, it's formatting, since ideally you want to
> sign everything (including <iq/>) in a way that lets those signatures be
> ignorable to naïve actors, which is going to be a tough one to solve.
> (Easy for messages, but impossible for <iq/> as far as I can see.)

Some folks who said they were using XMLdsig for XMPP were lobbying me to
relax the one-payload rule for IQs so that they could include the
signature along with the regular payload. But that's a topic for the
newly restarted XMPP WG:

http://tools.ietf.org/wg/xmpp/

Peter

- --
Peter Saint-Andre
https://stpeter.im/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkolhTcACgkQNL8k5A2w/vyY1ACfRuRkoj/ICCmYnalB04clxts4
qIoAnj+tEuoSIbSqs8BhBZ/gMNytusHI
=yDRQ
-----END PGP SIGNATURE-----


More information about the Security mailing list