[Security] PGP (XEP-0027)

Peter Saint-Andre stpeter at stpeter.im
Tue Jun 2 18:17:41 CDT 2009


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 6/2/09 3:49 PM, Dave Cridland wrote:
> On Tue Jun  2 21:43:00 2009, Peter Saint-Andre wrote:
>> Thanks for the clarification. Personally I'd love to have key-login to
>> XMPP servers (and HTTP servers!)
> 
> Pick the right client and server, and you can do this already, albeit
> with X.509 rather than PGP.

Problem is, how many people have PGP keys or X.509 certs? Even the
security geeks on this list don't seem to use such technologies!

>>  so that we could move beyond passwords
>> for authentication.
> 
> To be fair, that needs smart cards. (Unless you ignore the passphrase
> needed somewhere).

I meant that passwords need not be exchanged over the wire if you're
doing SASL EXTERNAL.

Peter

- --
Peter Saint-Andre
https://stpeter.im/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkolsxUACgkQNL8k5A2w/vwDgQCffO5X1JDNnO/OEBGtHr37F7fc
k5MAoPVo07w6FX3coFSwPOQfOx8aXg64
=BNbg
-----END PGP SIGNATURE-----


