On Fri, Apr 4, 2008 at 10:06 AM, Norman Rasmussen <[EMAIL PROTECTED]> wrote:
> I like this, what about some sort of GPG/PUB-KEY based authentication
> with the gateway? Also you'd want the "registration" to be temporary
> only, and it should fall away once the client disconnects (after all
> it's never going to be seen again). Would just a GPG signed presence
> be good enough to authenticate and log in to the gateway?

GPG presence is good only if each presence packet has a unique token that changes each time, otherwise the gateway will always be authorized. For this purpose, one time login, a sequence of cryptographically computed authentication tokens should be the best solution. When you register with the gateway you pass your jid and the one-time auth token, then the gateway uses it for connecting with the server and, after the session is gone, the token is useless.

bye

-- 
Fabio Forno, Ph.D.
Bluendo srl http://www.bluendo.com
jabber id: [EMAIL PROTECTED]
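One construction that fits the "sequence of cryptographically computed authentication tokens" described in the message above is a Lamport-style hash chain, sketched here as an added example that is not code from the thread. The `Client` and `Server` classes, the sample jid and the choice of SHA-256 are assumptions made for illustration.

```python
import hashlib
import hmac
import os

def h(data):
    return hashlib.sha256(data).digest()

class Client:
    """Holds the chain H^1(seed)..H^n(seed) and reveals it backwards."""
    def __init__(self, seed, n):
        self.chain, cur = [], seed
        for _ in range(n):
            cur = h(cur)
            self.chain.append(cur)
        self.anchor = self.chain.pop()  # H^n(seed), given to the server once at enrollment

    def next_token(self):
        if not self.chain:
            raise RuntimeError("chain exhausted, enroll a new anchor")
        return self.chain.pop()

class Server:
    """Stores, per jid, only the last accepted chain value."""
    def __init__(self):
        self.last = {}

    def enroll(self, jid, anchor):
        self.last[jid] = anchor

    def login(self, jid, token):
        expected = self.last.get(jid)
        if expected is None or not hmac.compare_digest(h(token), expected):
            return False
        self.last[jid] = token  # advance: this token can never be accepted again
        return True

def demo():
    jid = "user@example.org"  # constructed sample jid
    client, server = Client(os.urandom(32), 5), Server()
    server.enroll(jid, client.anchor)
    t1 = client.next_token()          # handed to the gateway for session 1
    first = server.login(jid, t1)     # gateway connects to the server with it
    replay = server.login(jid, t1)    # same token presented again after the session
    second = server.login(jid, client.next_token())  # fresh token for session 2
    return [first, replay, second]

if __name__ == "__main__":
    print(demo())
```

Because the server keeps only the last accepted value, a gateway that retains a spent token cannot derive the next one without inverting the hash.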
