[Security] PGP (XEP-0027)
stpeter at stpeter.im
Tue Jun 2 15:01:59 CDT 2009
-----BEGIN PGP SIGNED MESSAGE-----
On 6/2/09 1:56 PM, Dave Cridland wrote:
> On Tue Jun 2 18:56:35 2009, Jonathan Schleifer wrote:
>> What if DSA gets completely broken someday? Then we're screwed. And if
>> we want to be algorithm-independant, we need to implement something
>> very similar to OpenPGP anyway.
> Or TLS.
> Which, incidentally, can use PGP keys.
AFAIK only GnuTLS has (experimental) support for RFC 5081 (which is
> But in any case, I don't think the crypto is actually the tricky bit
> with single-message stuff, it's formatting, since ideally you want to
> sign everything (including <iq/>) in a way that lets those signatures be
> ignorable to naïve actors, which is going to be a tough one to solve.
> (Easy for messages, but impossible for <iq/> as far as I can see.)
Some folks who said they were using XMLdsig for XMPP were lobbying me to
relax the one-payload rule for IQs so that they could include the
signature along with the regular payload. But that's a topic for the
newly restarted XMPP WG:
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----
More information about the Security