[Standards] [Fwd: RFC 5081 on Using OpenPGP Keys for Transport Layer Security (TLS) Authentication]
justin-keyword-jabber.093179 at affinix.com
Mon Nov 5 04:35:55 UTC 2007
On Sunday 04 November 2007 12:29 pm, Peter Saint-Andre wrote:

> Perhaps of interest re XTLS (despite the fact that it is Experimental)...
>
> This memo proposes extensions to the Transport Layer Security (TLS)
> protocol to support the OpenPGP key format. The extensions discussed
> here include a certificate type negotiation mechanism, and the
> required modifications to the TLS Handshake Protocol. This memo defines
> an Experimental Protocol for the Internet community.

OpenPGP compatibility should be a requirement with whatever e2e scheme we come
up with. Additionally, I've long been wanting to use OpenPGP keys for c2s
authentication instead of X.509 certificates.

However, I don't think extending TLS is a practical way to do this. Sure,
there's gnutls which supports the extension, but that's just one library.
We're a decade away from TLS+OpenPGP being generally available, and this is
in part because the industry doesn't care about OpenPGP.

I think we should consider this extension in our use of TLS for
implementations that can manage to do it, but I also think we should find a
way to incorporate OpenPGP directly into our XMPP handshakes, since that's an
area that we have more control over.