I didn't include message body in the reply because the message body was getting big.
Max, have you read the proposal at www.megaepic.com/~johnston/newencryption.txt?
Basically, I/we are interested in supporting encryption for more than just
<message><body></body></message> as there is currently support for. In teh process of
doing this, I don't see what the point is of limiting ourselves to one particular
algorithm (or set of algorithms) when we can provide more broad support for other
protocols if someone wanted to use them. Of course, we'll define what algorithm(s)
should be supported by all IM clients, but other there should be flexablility for
people using jabber for other purposes, like middleware. The reason for providing a
mechanism to request keys/certs for use with a particular algorithm is (asside from
the fact that different algorithms require different key pairs) that clients may
support one or more non-required algoritms that they want to use - and they'll have to
request keys from clients for use with that algorithm (if the client's support that !
algorithm - if they dont, they can return an error). Is that more clear? :)
Mat.
PS I'm not a PKI crypto expert, so I may very well not be looking at this in the most
sane way :) but this sounds right to me.
_______________________________________________
jdev mailing list
[EMAIL PROTECTED]
http://mailman.jabber.org/listinfo/jdev
