[Security] PGP (XEP-0027)
stpeter at stpeter.im
Tue Jun 2 18:17:41 CDT 2009
-----BEGIN PGP SIGNED MESSAGE-----
On 6/2/09 3:49 PM, Dave Cridland wrote:
> On Tue Jun 2 21:43:00 2009, Peter Saint-Andre wrote:
>> Thanks for the clarification. Personally I'd love to have key-login to
>> XMPP servers (and HTTP servers!)
> Pick the right client and server, and you can do this already, albeit
> with X.509 rather than PGP.
Problem is, how many people have PGP keys or X.509 certs? Even the
security geeks on this list don't seem to use such technologies!
>> so that we could move beyond passwords
>> for authentication.
> To be fair, that needs smart cards. (Unless you ignore the passphrase
> needed somewhere).
I meant that passwords need not be exchange over the wire if you're
doing SASL EXTERNAL.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----
More information about the Security