On Wednesday 03 June 2009 02:35:03 Dirk Meyer wrote: > Justin Karneges wrote: > > In my opinion, this is not XMPP's battle. I think being able to use > > "off the shelf" TLS libraries is a noble goal, and one we should > > choose over protocol purity. > > Agreed. TLS-SRP makes it easy to specify but I'm open to other > solutions -- IETF solutions, not self-made.
Yes, using a standards-based security approach is more important than being able to use existing libraries. Ideally we'd manage to satisfy both goals. I think we have wiggle room as long as what we're suggesting is more of a "mash-up" of existing, proven concepts rather than anything revolutionary. -Justin
