Everyone,
Just a kind reminder to read and comment on Dirk's proposal, so that
we can improve/approve/disapprove this document :-)
http://www.tzi.de/~dmeyer/tlsauth.html
Thanks,
/O
----- From the document: --------------------------------------
Introduction
For secure client-to-client (C2C) communication the clients can use Link-Local Messaging [1] or Jingle XML Streams [2] to open a connection between the two clients. To open an XMPP connection, End-to-End XML Streams [3] defines a stream setup similar to the setup used by client-server communications. To secure the communication, the extension defines the use of Transport Layer Security as defined in RFC 4346 [4] for encryption and authentication. XEP-0246 suggests using the OpenPGP TLS extension but does not specify how to negotiate whether both peers support the extension and whether they are able to verify the OpenPGP key. It makes no sense to use OpenPGP instead of X.509 certificates if there is also no trust on the OpenPGP level. This document describes how to negotiate the use of TLS, exchanging possible extensions and key fingerprints before the actual TLS handshake. After the TLS handshake both communication partners MUST be sure that they are communicating with the correct person without a man-in-the-middle.
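To make the negotiation the introduction sketches concrete, here is an added illustration (not code from Dirk's document or the XEP): peers advertise which certificate types they hold and can verify, pick a common type before the handshake, and afterwards check the presented certificate against the pre-exchanged fingerprint. The offer structure, SHA-256 over the raw certificate bytes as the fingerprint, and the sample key bytes are assumptions.

```python
"""Pre-handshake certificate-type negotiation plus fingerprint pinning."""
import hashlib
import hmac

# Preference order (assumed): X.509 only helps when both sides can verify it,
# OpenPGP only when both sides trust the OpenPGP key, as the introduction notes.
CERT_TYPES = ("x509", "openpgp")


def fingerprint(cert_bytes: bytes) -> str:
    """SHA-256 fingerprint, hex-encoded (assumed algorithm for this example)."""
    return hashlib.sha256(cert_bytes).hexdigest()


def negotiate(local_offer: dict, remote_offer: dict):
    """Pick the first certificate type both peers advertise AND can verify.

    An offer maps cert type -> (fingerprint of that peer's own key, can_verify_peer).
    Returns the chosen type, or None when no common verifiable type exists;
    in that case a TLS session would not be mutually authenticated.
    """
    for ctype in CERT_TYPES:
        if ctype in local_offer and ctype in remote_offer:
            if local_offer[ctype][1] and remote_offer[ctype][1]:
                return ctype
    return None


def verify_peer(pinned_fp: str, presented_cert: bytes) -> bool:
    """After the handshake: the certificate seen on the wire must match the
    fingerprint exchanged beforehand. compare_digest keeps the comparison
    constant-time so a mismatch position is not leaked."""
    return hmac.compare_digest(pinned_fp, fingerprint(presented_cert))


# Constructed sample data: Alice has only an OpenPGP key, Bob has both types
# but cannot verify X.509 certs, so the negotiation must settle on OpenPGP.
ALICE_PGP = b"constructed-alice-openpgp-key"
BOB_PGP = b"constructed-bob-openpgp-key"
OTHER_KEY = b"constructed-key-that-was-never-pinned"

alice_offer = {"openpgp": (fingerprint(ALICE_PGP), True)}
bob_offer = {"x509": ("constructed-x509-fp", False),
             "openpgp": (fingerprint(BOB_PGP), True)}

if __name__ == "__main__":
    chosen = negotiate(alice_offer, bob_offer)
    print("negotiated:", chosen)                                   # openpgp
    print("bob ok:", verify_peer(bob_offer["openpgp"][0], BOB_PGP))  # True
    print("swap detected:", not verify_peer(bob_offer["openpgp"][0], OTHER_KEY))
```

A presented certificate whose fingerprint was not exchanged beforehand fails `verify_peer`, which is the check that gives the "no man-in-the-middle" guarantee the last sentence demands.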