[Standards] [Fwd: RFC 5081 on Using OpenPGP Keys for Transport Layer Security (TLS) Authentication]

Justin Karneges justin-keyword-jabber.093179 at affinix.com
Mon Nov 5 04:35:55 UTC 2007


On Sunday 04 November 2007 12:29 pm, Peter Saint-Andre wrote:
> Perhaps of interest re XTLS (despite the fact that it is Experimental)...
[...]
> This memo proposes extensions to the Transport Layer Security (TLS)
> protocol to support the OpenPGP key format.  The extensions discussed
> here include a certificate type negotiation mechanism, and the
> required modifications to the TLS Handshake Protocol.  This memo defines
> an Experimental Protocol for the Internet community.

OpenPGP compatibility should be a requirement with whatever e2e scheme we come 
up with.  Additionally, I've long been wanting to use OpenPGP keys for c2s 
authentication instead of X.509 certificates.

However, I don't think extending TLS is a practical way to do this.  Sure, 
there's GnuTLS, which supports the extension, but that's just one library.  
We're a decade away from TLS+OpenPGP being generally available, and this is 
in part because the industry doesn't care about OpenPGP.

I think we should consider this extension in our use of TLS for 
implementations that can manage to do it, but I also think we should find a 
way to incorporate OpenPGP directly into our XMPP handshakes, since that's an 
area that we have more control over.

-Justin
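Added example, not part of this thread and not code from GnuTLS or RFC 5081 itself: a minimal encoder and negotiation check for the certificate type negotiation mechanism the quoted abstract refers to. It follows my reading of RFC 5081's CertificateTypeExtension (extension type 9; CertificateType values X.509 = 0, OpenPGP = 1; the client sends a preference-ordered vector, the server echoes the single type it picked, and an absent extension means X.509). The function names and the hand-built ClientHello extension bytes are mine and are constructed for the demonstration.

```python
import struct

CERT_TYPE_EXTENSION = 9   # ExtensionType cert_type, as assigned in RFC 5081
X509 = 0                  # CertificateType X.509(0)
OPENPGP = 1               # CertificateType OpenPGP(1)


def encode_client_cert_types(types):
    """Client side: CertificateType certificate_types<1..2^8-1>, most preferred
    first, wrapped as a TLS extension (2-byte type, 2-byte length, data)."""
    if not 1 <= len(types) <= 255:
        raise ValueError("certificate_types must hold 1..255 entries")
    body = bytes([len(types)]) + bytes(types)
    return struct.pack("!HH", CERT_TYPE_EXTENSION, len(body)) + body


def parse_extensions(blob):
    """Split a TLS extensions block (without its outer 2-byte length) into
    {type: data}, rejecting truncation and duplicate extensions."""
    exts = {}
    off = 0
    while off < len(blob):
        if off + 4 > len(blob):
            raise ValueError("truncated extension header")
        ext_type, ext_len = struct.unpack_from("!HH", blob, off)
        off += 4
        data = blob[off:off + ext_len]
        if len(data) != ext_len:
            raise ValueError("truncated extension body")
        if ext_type in exts:
            raise ValueError("duplicate extension %d" % ext_type)
        exts[ext_type] = data
        off += ext_len
    return exts


def server_select_cert_type(client_hello_extensions, server_supported):
    """Server side. Returns (selected_type, extension_bytes_or_None).
    No cert_type extension from the client means it only does X.509, and the
    server then sends none either. Otherwise pick the first client-offered
    type the server supports; no overlap is a fatal unsupported_certificate."""
    exts = parse_extensions(client_hello_extensions)
    data = exts.get(CERT_TYPE_EXTENSION)
    if data is None:
        if X509 not in server_supported:
            raise ValueError("client is X.509-only but server cannot offer X.509")
        return X509, None
    # data[0] is the vector length; it must cover the rest and be non-zero
    if len(data) < 2 or data[0] == 0 or data[0] != len(data) - 1:
        raise ValueError("malformed certificate_types vector")
    for t in data[1:]:
        if t in server_supported:
            return t, struct.pack("!HHB", CERT_TYPE_EXTENSION, 1, t)
    raise ValueError("no common certificate type (unsupported_certificate alert)")


def client_check_server_choice(offered, server_extension_bytes):
    """Client side: the echoed extension must carry exactly one byte, and it
    must be a type the client actually offered. Omission means X.509."""
    if server_extension_bytes is None:
        if X509 not in offered:
            raise ValueError("server omitted cert_type but client never offered X.509")
        return X509
    data = parse_extensions(server_extension_bytes)[CERT_TYPE_EXTENSION]
    if len(data) != 1:
        raise ValueError("server certificate_type must be a single byte")
    if data[0] not in offered:
        raise ValueError("server chose a type the client never offered")
    return data[0]


if __name__ == "__main__":
    hello_ext = encode_client_cert_types([OPENPGP, X509])   # constructed ClientHello extension
    chosen, echo = server_select_cert_type(hello_ext, {X509, OPENPGP})
    print("server picked", chosen, "echo", echo.hex())
    print("client accepts", client_check_server_choice([OPENPGP, X509], echo))
```

The two "chose a type never offered" checks are the part worth keeping when wiring this into a real handshake: without them a peer can steer the connection to a certificate type (and trust model) the other side never agreed to.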


