[Security] PGP (XEP-0027)
stpeter at stpeter.im
Tue Jun 2 15:43:00 CDT 2009
-----BEGIN PGP SIGNED MESSAGE-----
On 6/2/09 2:34 PM, Simon Josefsson wrote:
> Peter Saint-Andre <stpeter at stpeter.im> writes:
>> On 6/2/09 1:56 PM, Dave Cridland wrote:
>>> On Tue Jun 2 18:56:35 2009, Jonathan Schleifer wrote:
>>>> What if DSA gets completely broken someday? Then we're screwed. And if
>>>> we want to be algorithm-independant, we need to implement something
>>>> very similar to OpenPGP anyway.
>>> Or TLS.
>>> Which, incidentally, can use PGP keys.
>> AFAIK only GnuTLS has (experimental) support for RFC 5081 (which is
>> itself experimental):
> The OpenPGP implementation in GnuTLS is not experimental. I believe the
> RFC is experimental for IETF political reasons, there is no organized
> experiment conducted as far as I know.
Thanks for the clarification. Personally I'd love to have key-login to
XMPP servers (and HTTP servers!) so that we could move beyond passwords
for authentication. Perhaps we need to lean on the OpenSSL folks about
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----
More information about the Security