[Standards] XMPP and W3C Digital Signature Specification

Roberto Ostinelli roberto at openspime.com
Wed Aug 19 10:19:23 UTC 2009


hello,

are there any news about this? i'm currently signing portions of  
stanzas in a way similar to:

<iq>
    <my_protocol>
        <transport>
            [...]
        </transport>
        <sign>...</sign>
    </my_protocol >
</iq>

where <sign/> contains the signature of <transport/>. i'd love to have  
a more XMPP native way of doing so.

wandering if something like:

<iq from='{sender}'
   to='{recipient}'
   xml:lang='en'
   type='set'
   id='{iq-id}'
   signature='{base64-encoded-signature}'>

       [...]

</iq>


where signature could for instance be computed  on the string  
concatenation of all iq attributes and length of the stanza. in pseudo- 
code that would be (\n means the Unicode code point U+000A commonly  
called newline):

Signature = Base64(RSA-Private-Key-Encrypt(RequestHash));

StanzaHash = SHA-1(UTF-8-Encoding-Of(StringToSign));

StringToSign = "from" + "=" + Sender +
        "to" + "=" + Recipient +
        "xml:lang" + "=" + Lang +
        "type" + "=" + Type
        "id" + "=" + Id
        "content-length" + ":" + LengthOfStanzaContent;

does this make sense? i don't see breaking any backwords compatibility  
here..

cheers,

r.



More information about the Standards mailing list