[Security] PGP (XEP-0027)

Peter Saint-Andre stpeter at stpeter.im
Tue Jun 2 16:20:52 CDT 2009


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 6/2/09 2:59 PM, Dirk Meyer wrote:
> Peter Saint-Andre wrote:
>> On 6/2/09 1:56 PM, Dave Cridland wrote:
>> 
>>> it's formatting, since ideally you want to
>>> sign everything (including <iq/>) in a way that lets those signatures be
>>> ignorable to naïve actors, which is going to be a tough one to solve.
>>> (Easy for messages, but impossible for <iq/> as far as I can see.)
>> Some folks who said they were using XMLdsig for XMPP were lobbying me to
>> relax the one-payload rule for IQs so that they could include the
>> signature along with the regular payload.
> 
> IMHO XMLdsig is very scary. That is one reason why I changed XEP-0189 to
> use binary format. I have no idea how to support signatures only, but
> encrypt and sign can work without XMLdsig. Just take the stanza, encrypt
> it, and sign the binary data. But I admit, I'm not up-to-date what
> XMLdsig is doing.

I agree about XMLdsig. Any technology that has needed 3 or 4 different
canonicalization transforms is scary to me. :)

Peter

- --
Peter Saint-Andre
https://stpeter.im/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkoll7QACgkQNL8k5A2w/vxm3gCfZWGwfVrwhPD7E7bZjCJv4rPl
bPAAoLOreKCBpbUzIyUSTOFKsXhLn0ZW
=SMGg
-----END PGP SIGNATURE-----


More information about the Security mailing list