On Sat Jun 7 00:07:36 2008, XMPP Extensions Editor wrote:
The XMPP Extensions Editor has received a proposal for a new XEP.
Title: XMPP Transport Layer Security
Some comments:
1) I like using streams, too, that seems to make perfect sense,
especially given XEP-0174.
2) The TLS handshake section may as well be removed - whether to
request a certificate or not is up to the parties involved - both
parties might want mere confidentiality, and not want certificates
involved at all.
3) It might be reasonable to describe a mechanism for out-of-band (or
in-band informal) channel binding. Something like taking the result
of an HMAC over the TLS hello messages, with "yours" first and
"theirs" after, keyed with a key sent out of band, would do to verify
endpoints (if, of course, the key were sent in such a way that it
were not intercepted.)
However, I got talking to Rob McQueen - there's a certain amount of
sense in, instead of describing this in terms of IBB, describing it
in terms of Jingle.
It's possible - and reasonable - to consider an XMPP stream as
content, in which case the TLS becomes a transport (or possibly
attribute of the transport).
Dave.
--
Dave Cridland - mailto:[EMAIL PROTECTED] - xmpp:[EMAIL PROTECTED]
- acap://acap.dave.cridland.net/byowner/user/dwd/bookmarks/
- http://dave.cridland.net/
Infotrope Polymer - ACAP, IMAP, ESMTP, and Lemonade
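
The channel-binding check suggested in point 3, sketched as an added example (not part of the original message or of the proposed XEP). The SHA-256 hash, the length-prefix framing, the function names and the sample byte strings are assumptions made for illustration; the message specifies only an HMAC over the hello messages, "yours" first and "theirs" after, with a key sent out of band.

```python
import hashlib
import hmac
import struct


def framed(msg: bytes) -> bytes:
    # Length-prefix each hello so distinct pairs never share an HMAC input.
    return struct.pack(">I", len(msg)) + msg


def binding_tag(oob_key: bytes, my_hello: bytes, their_hello: bytes) -> bytes:
    # HMAC over both hello messages, "yours" first and "theirs" after.
    data = framed(my_hello) + framed(their_hello)
    return hmac.new(oob_key, data, hashlib.sha256).digest()


def verify_peer_tag(oob_key: bytes, my_hello: bytes, their_hello: bytes,
                    peer_tag: bytes) -> bool:
    # The peer put its own hello first: swap the order, compare in constant time.
    expected = binding_tag(oob_key, their_hello, my_hello)
    return hmac.compare_digest(expected, peer_tag)


def demo() -> dict:
    # Constructed placeholder bytes, not real TLS handshake records.
    key = b"constructed out-of-band key 0001"
    client_hello = b"constructed ClientHello from initiator"
    server_hello = b"constructed ServerHello from responder"
    # Hellos a party in the middle would have substituted on each leg.
    mid_client_hello = b"constructed ClientHello from middle party"
    mid_server_hello = b"constructed ServerHello from middle party"

    # Same TLS session end to end: both sides saw the same two hellos.
    tag = binding_tag(key, client_hello, server_hello)
    direct = verify_peer_tag(key, server_hello, client_hello, tag)

    # Two separate TLS sessions: each endpoint saw one substituted hello,
    # so the initiator's tag does not match what the responder recomputes.
    tag = binding_tag(key, client_hello, mid_server_hello)
    relayed = verify_peer_tag(key, server_hello, mid_client_hello, tag)

    # Same session, but the verifier holds a different key.
    tag = binding_tag(key, client_hello, server_hello)
    wrong_key = verify_peer_tag(b"some other key", server_hello, client_hello, tag)
    return {"direct": direct, "relayed": relayed, "wrong_key": wrong_key}


if __name__ == "__main__":
    print(demo())
```

The check is only as strong as the out-of-band channel: anyone who learns the key can compute a valid tag for whatever hellos they present.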