On Sunday 04 November 2007 12:29 pm, Peter Saint-Andre wrote:
> Perhaps of interest re XTLS (despite the fact that it is Experimental)...
> [...]
> This memo proposes extensions to the Transport Layer Security (TLS)
> protocol to support the OpenPGP key format. The extensions discussed
> here include a certificate type negotiation mechanism, and the
> required modifications to the TLS Handshake Protocol. This memo defines
> an Experimental Protocol for the Internet community.
OpenPGP compatibility should be a requirement with whatever e2e scheme we come up with. Additionally, I've long been wanting to use OpenPGP keys for c2s authentication instead of X.509 certificates. However, I don't think extending TLS is a practical way to do this. Sure, there's gnutls, which supports the extension, but that's just one library. We're a decade away from TLS+OpenPGP being generally available, and this is in part because the industry doesn't care about OpenPGP. I think we should consider this extension in our use of TLS for implementations that can manage to do it, but I also think we should find a way to incorporate OpenPGP directly into our XMPP handshakes, since that's an area that we have more control over.

-Justin
