Hi Peter,
I am wondering whether it would be possible to link the recommendations
between draft-saintandre-xmpp-tls-01 and draft-sheffer-tls-bcp-00 with
respect to what it says about TLS.
I believe that the TLS recommendations should be generic for the crypto
(no RC4, key length, etc.) and should not depend on the specific
application that is being protected.
Of course you could argue that it makes sense to replicate the text for
simpler readability.
One other remark about session resumption. There are two versions of
session resumption, namely one that is part of the base TLS spec and
another one that provides session resumption without server-side state.
From your text it seems that you focus on the latter, which is OK.
RFC 5077 already says that you have to encrypt and authenticate the
ticket. What can be said in the XMPP context is to implement the
recommended format of the ticket to avoid problems with not encrypting
the information or not authenticating it. The info is found in Section 4
of RFC 5077. Of course, we could double-check the recommended algorithms
for that as well.
Ciao
Hannes
_______________________________________________
perpass mailing list
https://www.ietf.org/mailman/listinfo/perpass
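
The ticket layout recommended in Section 4 of RFC 5077 (key_name, IV, length-prefixed encrypted_state, HMAC-SHA-256 over everything before the MAC), as an added example that is not part of the original message or of either draft. The function names and sample values are hypothetical, and encrypted_state is treated as opaque ciphertext (the RFC's recommendation is AES-128-CBC), so only the authenticate-before-decrypt step is shown.

```python
import hashlib
import hmac
import struct

KEY_NAME_LEN, IV_LEN, LEN_FIELD, MAC_LEN = 16, 16, 2, 32
HEADER_LEN = KEY_NAME_LEN + IV_LEN + LEN_FIELD


def seal_ticket(key_name, mac_key, iv, encrypted_state):
    """Build key_name || iv || uint16 length || encrypted_state || mac."""
    if len(key_name) != KEY_NAME_LEN or len(iv) != IV_LEN:
        raise ValueError("key_name and iv must be 16 octets each")
    body = key_name + iv + struct.pack("!H", len(encrypted_state)) + encrypted_state
    return body + hmac.new(mac_key, body, hashlib.sha256).digest()


def open_ticket(ticket, mac_keys):
    """Return encrypted_state if the ticket is authentic, else None.

    mac_keys maps key_name -> MAC key. On None the server should ignore
    the ticket and fall back to a full handshake; nothing is decrypted
    before the MAC has been verified.
    """
    if len(ticket) < HEADER_LEN + MAC_LEN:
        return None
    mac_key = mac_keys.get(ticket[:KEY_NAME_LEN])
    if mac_key is None:  # unknown or retired key: treat as no ticket
        return None
    (state_len,) = struct.unpack("!H", ticket[HEADER_LEN - LEN_FIELD:HEADER_LEN])
    if len(ticket) != HEADER_LEN + state_len + MAC_LEN:
        return None  # length field disagrees with what was received
    body, mac = ticket[:-MAC_LEN], ticket[-MAC_LEN:]
    expected = hmac.new(mac_key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(mac, expected):  # constant-time comparison
        return None
    return body[HEADER_LEN:]


if __name__ == "__main__":
    # Constructed sample values, not real key material.
    name, key, iv = b"N" * 16, b"K" * 32, b"I" * 16
    ticket = seal_ticket(name, key, iv, b"opaque-ciphertext")
    flipped = ticket[:40] + bytes([ticket[40] ^ 1]) + ticket[41:]
    print("valid ticket accepted:", open_ticket(ticket, {name: key}) is not None)
    print("tampered ticket accepted:", open_ticket(flipped, {name: key}) is not None)
```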