[Security] PGP (XEP-0027)

Simon Josefsson simon at josefsson.org
Wed Jun 3 00:19:18 CDT 2009

Dirk Meyer <dmeyer at tzi.de> writes:

> Peter Saint-Andre wrote:
>> On 6/2/09 1:56 PM, Dave Cridland wrote:
>>> On Tue Jun  2 18:56:35 2009, Jonathan Schleifer wrote:
>>>> What if DSA gets completely broken someday? Then we're screwed. And if
>>>> we want to be algorithm-independant, we need to implement something
>>>> very similar to OpenPGP anyway.
>>> Or TLS.
>>> Which, incidentally, can use PGP keys.
>> AFAIK only GnuTLS has (experimental) support for RFC 5081
> Yes. IIRC GnuTLS is the only lib with SRP and GPG support.

There are other TLS libraries with SRP support, including:


There are patches for OpenSSL to implement it as well:


> But neither is exposed in language bindings (except maybe guile).

Patches welcome. ;)


More information about the Security mailing list