> based on our requirements, we could simply re-use TLS semantics in XMPP
> syntax rather than define a completely new security protocol
This is not such a bad idea. A good example of an adapted TLS already in existence is DTLS (RFC 4347). DTLS re-uses just about everything it can from TLS, to provide security over an unreliable packetized session. The basic difference from normal TLS is that packets may be dropped or be received out of order, and that there is a limitation in the maximum size of a payload (basically all UDP limitations, but beware of the security implications that come along with them).

Just to get the mind churning, we could use unmodified DTLS over XMPP quite easily. Just base64 encode DTLS packets, and ship them off. However, XMPP doesn't suffer from as many limitations as UDP. We have no hard limit on stanza size, and packets are not delivered out of order. Thus, we may want to find middle ground between DTLS and TLS.

Or... maybe TLS is enough? We could establish a new <stream:stream> between client endpoints, over IBB, protected with TLS. The protocol would end up looking almost the same as my base64'd DTLS suggestion.

-Justin

_______________________________________________
Security mailing list
[EMAIL PROTECTED]
http://mail.jabber.org/mailman/listinfo/security
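As an added example that is not part of Justin's post nor code from any Jabber/XMPP project: a Python sketch of the "base64 DTLS records inside IBB stanzas" idea. It serializes and parses the 13-byte DTLS 1.0 record header (RFC 4347 section 4.1) next to the 5-byte TLS header for contrast, chunks a record into XEP-0047 <data/> stanzas, reassembles them while checking the IBB seq counter, and keeps a sliding anti-replay window of the kind a DTLS endpoint needs because its explicit epoch/sequence fields stand in for the in-order, no-loss guarantee TLS gets from its transport. No handshake or MAC is performed; the record contents, session id, JID and block size are constructed placeholders.

```python
import base64
import struct
import xml.etree.ElementTree as ET

IBB_NS = "http://jabber.org/protocol/ibb"   # XEP-0047 namespace
DTLS_HDR_LEN = 13  # type(1) version(2) epoch(2) seq(6) length(2), RFC 4347 s4.1
TLS_HDR_LEN = 5    # type(1) version(2) length(2); the TLS seq number is implicit


def build_dtls_record(content_type, epoch, seq, payload, version=(0xFE, 0xFF)):
    """Serialize one DTLS 1.0 record; 0xFEFF is the DTLS 1.0 version encoding."""
    if not 0 <= seq < (1 << 48):
        raise ValueError("DTLS sequence numbers are 48-bit")
    hdr = struct.pack("!BBBH", content_type, version[0], version[1], epoch)
    hdr += seq.to_bytes(6, "big") + struct.pack("!H", len(payload))
    return hdr + payload


def parse_dtls_record(buf):
    """Parse one DTLS record; returns (fields, remaining bytes)."""
    if len(buf) < DTLS_HDR_LEN:
        raise ValueError("short DTLS header")
    ct, vmaj, vmin, epoch = struct.unpack("!BBBH", buf[:5])
    seq = int.from_bytes(buf[5:11], "big")
    (length,) = struct.unpack("!H", buf[11:13])
    end = DTLS_HDR_LEN + length
    if len(buf) < end:
        raise ValueError("truncated DTLS record")
    return ({"type": ct, "version": (vmaj, vmin), "epoch": epoch, "seq": seq,
             "payload": buf[DTLS_HDR_LEN:end]}, buf[end:])


def parse_tls_record(buf):
    """Plain TLS header for contrast: no epoch/seq on the wire, because the transport
    is assumed reliable and in order (which is exactly what an XMPP stream gives)."""
    if len(buf) < TLS_HDR_LEN:
        raise ValueError("short TLS header")
    ct, vmaj, vmin, length = struct.unpack("!BBBH", buf[:TLS_HDR_LEN])
    end = TLS_HDR_LEN + length
    if len(buf) < end:
        raise ValueError("truncated TLS record")
    return {"type": ct, "version": (vmaj, vmin), "payload": buf[TLS_HDR_LEN:end]}, buf[end:]


class ReplayWindow:
    """Sliding anti-replay window over explicit sequence numbers (RFC 4347 s4.1.2.5
    style): a DTLS receiver needs it since nothing else rejects duplicate/stale records."""
    def __init__(self, size=64):
        self.size, self.mask = size, (1 << size) - 1
        self.right = -1   # highest sequence number accepted so far
        self.bits = 0     # bit i set => seq (right - i) already seen

    def accept(self, seq):
        if seq > self.right:
            shift = seq - self.right
            self.bits = 1 if shift >= self.size else ((self.bits << shift) | 1) & self.mask
            self.right = seq
            return True
        offset = self.right - seq
        if offset >= self.size or (self.bits >> offset) & 1:
            return False  # too old, or a replay
        self.bits |= 1 << offset
        return True


def ibb_data_stanzas(record, sid, block_size=4096, start_seq=0, to="peer@example.org/res"):
    """Chunk raw record bytes into XEP-0047 <data/> stanzas. block_size counts bytes
    before base64; the JID and sid are placeholders, not real endpoints."""
    stanzas = []
    for i, off in enumerate(range(0, len(record), block_size)):
        data = ET.Element("data", {"xmlns": IBB_NS, "sid": sid,
                                   "seq": str((start_seq + i) % 65536)})
        data.text = base64.b64encode(record[off:off + block_size]).decode("ascii")
        msg = ET.Element("message", {"to": to})
        msg.append(data)
        stanzas.append(ET.tostring(msg, encoding="unicode"))
    return stanzas


def ibb_reassemble(stanzas):
    """Decode <data/> stanzas back to bytes. XMPP delivers stanzas in order, so a gap
    in the IBB seq counter is a protocol error, not something to buffer around."""
    buf, expected = b"", None
    for s in stanzas:
        data = ET.fromstring(s).find(f"{{{IBB_NS}}}data")
        seq = int(data.get("seq"))
        if expected is not None and seq != expected:
            raise ValueError(f"IBB seq gap: expected {expected}, got {seq}")
        expected = (seq + 1) % 65536
        buf += base64.b64decode(data.text)
    return buf


def dtls_over_ibb_roundtrip(epoch=1, seq=7, payload=b"\x16" * 10, block_size=4):
    """Build one constructed DTLS handshake record, ship it over IBB, parse it at the far end."""
    rec = build_dtls_record(22, epoch, seq, payload)  # 22 = handshake content type
    stanzas = ibb_data_stanzas(rec, sid="sess-1", block_size=block_size)
    fields, rest = parse_dtls_record(ibb_reassemble(stanzas))
    return fields, len(stanzas), rest


def reorder_is_detected():
    """Swap two stanzas in flight; the IBB seq check must reject the stream."""
    stanzas = ibb_data_stanzas(build_dtls_record(23, 0, 0, b"abc"), sid="sess-2", block_size=2)
    try:
        ibb_reassemble([stanzas[1], stanzas[0]] + stanzas[2:])
    except ValueError:
        return True
    return False
```

The split in the code is the middle ground the post is circling: once records travel inside an ordered, lossless XMPP stream, the IBB seq contiguity check already catches any reordering, so the DTLS epoch/seq fields and the receiver's replay window carry no information the transport did not already guarantee. That is the argument for plain TLS over an IBB-carried <stream:stream> rather than DTLS, with the base64 framing looking identical either way.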
