[Standards-JIG] certificate and private key retrieval

maqi at jabberstudio.org maqi at jabberstudio.org
Wed Mar 17 18:50:42 UTC 2004


On Wed, 17 Mar 2004, Ian Paterson wrote:

> So it might not be possible to integrate with some 'blackbox' legacy
> authentication systems.

If one really wanted to implement such a thing, perhaps implementing it
purely client-side would be nice. For example, a branded client could
default to the "unified password" approach. It stores only, for example,
SHA1(passwd.":xmpp-client") as the user's "password". The private key's
password could be, for example, SHA1(passwd.":private-key") or something.
This way, the (hashed) private key's password is independent from the
Jabber password, which is probably more secure. Also, other passwords for
other purposes can be generated easily.

However, this is more of a nice way to generate passwords and nothing
really Jabber-related.

Regards
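
The derivation described in the message above, as an added example that is not part of the original post: `derive_sha1` follows the SHA1(passwd.":label") form as written, and `derive_pbkdf2` is an assumed variant that keeps the same purpose labels but uses a salted, iterated KDF, since a single unsalted SHA-1 is cheap enough that anyone holding a stored value can test guesses of the master password offline. Function names, the salt and the sample password are constructed for illustration.

```python
import hashlib
import hmac

# Purpose labels from the message; "other purposes" just add another label.
LABELS = {"xmpp": ":xmpp-client", "key": ":private-key"}

def derive_sha1(passwd, label):
    """As written in the message: SHA1(passwd . label), hex-encoded."""
    return hashlib.sha1((passwd + label).encode("utf-8")).hexdigest()

def derive_pbkdf2(passwd, label, salt, iterations=600_000):
    """Assumed variant: salted, iterated KDF. The label is bound into the
    salt so each purpose still gets an independent value."""
    return hashlib.pbkdf2_hmac(
        "sha256", passwd.encode("utf-8"), salt + label.encode("utf-8"), iterations
    ).hex()

def derive_all(passwd, derive, **kw):
    """One master password in, one derived secret per purpose out."""
    return {name: derive(passwd, label, **kw) for name, label in LABELS.items()}

def matches(passwd, label, stored_hex, derive=derive_sha1, **kw):
    """Re-derive from the typed password and compare in constant time."""
    return hmac.compare_digest(derive(passwd, label, **kw), stored_hex)

if __name__ == "__main__":
    master = "correct horse battery staple"  # constructed sample input
    # Constructed fixed salt so the demo is repeatable; a real client would
    # generate one per user with os.urandom(16) and store it.
    salt = bytes.fromhex("00112233445566778899aabbccddeeff")
    for name, fn, kw in (("sha1", derive_sha1, {}),
                         ("pbkdf2", derive_pbkdf2, {"salt": salt})):
        derived = derive_all(master, fn, **kw)
        print(name, derived)
        # The Jabber password and the key password never coincide.
        assert derived["xmpp"] != derived["key"]
```
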


