On Thursday 01 November 2007 2:49 pm, Peter Saint-Andre wrote:
> Justin Karneges wrote:
> > Most TLS libraries operate as a "black box", passing an opaque stream of
> > bytes to the application.  I'd suggest making the XEP have a more
> > transparent use of TLS to match this fact.  In other words, rather than
> > saying the first iq stanza must contain certain explicit TLS constructs
> > (e.g. ClientHello), just say it can contain any arbitrary TLS data, just
> > like how a real TLS stream over TCP works.  This would allow most
> > off-the-shelf TLS libraries, such as OpenSSL, to be used with XTLS. 
> > Since a stanza stream has TCP-like behavior, I think we can get away with
> > this.
> >
> > Of course, this would mean we'd lose the direct mapping between each
> > transported stanza and the content within.  For example, a single IM may
> > span multiple transported stanzas, or a single transported stanza may
> > contain multiple IMs.  However, I don't think having a direct mapping
> > buys us much at all, while having an opaque/transparent transport buys us
> > a *lot*.
>
> Well this gets back to what Tomasz said: why not have an opaque data
> transport? Whether you use it for XTLS or anything else is up to you.
>
> /me ponders

I think he was rather complaining about how whenever we desire to transport 
binary data we end up having to base64 encode it.  An efficient binary 
transport mechanism may be worth looking into, but it is a separate problem.

By the way, we have an opaque data transport: XEP-47 (IBB). :)

On that note, it might be worth using IBB for XTLS.  If we were to turn XTLS 
into an opaque transport, then XTLS would end up with a lot of IBB overlap.  
After all, it would just be shuffling Base64 around, and that's what IBB 
does.  What about the following:

Romeo requests XTLS:

<iq from='[EMAIL PROTECTED]/orchard'
    id='hs1'
    to='[EMAIL PROTECTED]/chamber'
    type='set'>
  <xtls xmlns='http://www.xmpp.org/extensions/xep-xxxx.html#ns' sid='1234'/>
</iq>

Juliet agrees:

<iq from='[EMAIL PROTECTED]/chamber'
    id='hs1'
    to='[EMAIL PROTECTED]/orchard'
    type='result'/>

Romeo negotiates IBB session:

<iq from='[EMAIL PROTECTED]/orchard'
    id='ibb1'
    to='[EMAIL PROTECTED]/chamber'
    type='set'>
  <open sid='1234'
        block-size='4096'
        xmlns='http://jabber.org/protocol/ibb'/>
</iq>

Juliet accepts:

<iq from='[EMAIL PROTECTED]/chamber'
    id='ibb1'
    to='[EMAIL PROTECTED]/orchard'
    type='result'/>

Romeo sends some TLS data:

<iq from='[EMAIL PROTECTED]/orchard'
    id='ibb2'
    to='[EMAIL PROTECTED]/balcony'
    type='set'>
  <data xmlns='http://jabber.org/protocol/ibb' sid='1234' seq='0'>
    base_64(TLS-Client-Hello-Message)
  </data>
</iq>

This pushes the transporting stuff out of XTLS, and also lets you use <iq> or 
<message> stanzas to transport the data.  XTLS reduces to a single iq 
exchange and some security notes...

-Justin
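To make concrete what "shuffling Base64 around" through IBB looks like, here is an added example in Python; it is not code from this thread or from any XEP implementation. It chunks an opaque byte stream into XEP-0047 <data/> stanzas with sid, seq and block-size, reassembles them on the receiving side with the checks a receiver should make before handing bytes to the TLS library, and then splits the reassembled stream back into TLS records to show that record and stanza boundaries no longer line up. It assumes block-size caps the chunk before base64 encoding; the record bytes are constructed and are not a real ClientHello.

```python
import base64
import xml.etree.ElementTree as ET

IBB_NS = "http://jabber.org/protocol/ibb"
SEQ_MOD = 65536  # XEP-0047 'seq' is an unsignedShort and wraps

def ibb_send(sid, block_size, stream, start_seq=0):
    """Chunk an opaque byte stream into IBB <data/> stanzas (block_size before base64)."""
    stanzas = []
    for n, off in enumerate(range(0, len(stream), block_size)):
        el = ET.Element("data", {"xmlns": IBB_NS, "sid": sid, "seq": str((start_seq + n) % SEQ_MOD)})
        el.text = base64.b64encode(stream[off:off + block_size]).decode("ascii")
        stanzas.append(ET.tostring(el, encoding="unicode"))
    return stanzas

class IbbReceiver:
    """Reassembles <data/> stanzas into the byte stream handed to the TLS library."""
    def __init__(self, sid, block_size):
        self.sid, self.block_size, self.expected_seq = sid, block_size, 0
        self.buf = bytearray()
    def feed(self, stanza_xml):
        el = ET.fromstring(stanza_xml)
        # Wrong sid, bad seq or oversized chunk: close the session, never guess a stream.
        if el.tag != "{%s}data" % IBB_NS or el.get("sid") != self.sid:
            raise ValueError("stanza does not belong to this IBB session")
        if int(el.get("seq", -1)) != self.expected_seq:
            raise ValueError("unexpected seq; stream is corrupt")
        chunk = base64.b64decode(el.text or "", validate=True)
        if len(chunk) > self.block_size:
            raise ValueError("chunk larger than negotiated block-size")
        self.buf += chunk
        self.expected_seq = (self.expected_seq + 1) % SEQ_MOD
    def read(self):
        out, self.buf = bytes(self.buf), bytearray()
        return out

def tls_record(body):  # constructed handshake-type record: 0x16, version 3.3, length, body
    return b"\x16\x03\x03" + len(body).to_bytes(2, "big") + body

def split_tls_records(stream):
    """Pull complete records off the reassembled stream; return them plus any partial tail."""
    records, off = [], 0
    while off + 5 <= len(stream):
        end = off + 5 + int.from_bytes(stream[off + 3:off + 5], "big")
        if end > len(stream):
            break  # the rest of this record arrives in a later stanza
        records.append(stream[off:end])
        off = end
    return records, stream[off:]
```

With a 32-byte block-size, a 75-byte record plus a 15-byte record travel as three stanzas: the first stanza alone yields no complete record, and the third carries the end of one record and all of the next.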