Jonathan Schleifer wrote:
> On 24.11.2008 at 18:50, Dave Cridland wrote:
>
>> C2C TLS has numerous carefully audited crypto implementations, and
>> one (or two?) test client implementations. Now, arguably, it might
>> well have more - I'm not sure how many of the existing XEP-0174
>> clients will simply use TLS if offered, which would count in at
>> least some respects.
>
> Please name at least two implementations so I can test those :).

I have one lib that implements XEP-0247 for server based communication and XEP-0174 for link-local communication. In both cases starttls is used. I also added XEP-0250 support to provide X.509 certificate or SRP support -- no OpenPGP authentication right now. This works for both XEP-0247 and XEP-0174. The lib is not yet released, but I can send it to you if you want to test a client against it.

I also wanted to implement XEP-0189 for public key handling to use in XEP-0250, but I have some problems with ejabberd not providing the list of all published keys using PEP. So ATM you have to put all known certificates in a file for the client, which is not a good solution.

I have been planning to release my code for some time now, but writing down my PhD thesis consumes a lot of my time. And without proper key handling it is not so much fun.

> Well, what about SAS? I still can't see it.

There is no SAS for TLS right now. TLS-SRP comes close to it (you have to know a password before opening the connection) and that is working for me.

> And do they use jingle inband or direct connections?

Right now only InBand, my client has no support for SOCKS5.

> If they use direct connections, is NAT traversal implemented, using a
> STUN server etc.?

No, we have no XEP for that yet. I'm trying to figure out what we need when implementing ICE-TCP. This is off-topic right now, but I wonder if we need the complexity of ICE-TCP or if we can go an easier way.

Dirk

--
You might have mail.
