2009/3/9 Robbie Hanson <[email protected]>: > 2) When the target tells the initiator which streamhost it used (section > 4.7), it simply sends it's public key in the message. This might be done > like so: > <iq type='result' > from='[email protected]/bar' > to='[email protected]/foo' > id='initiate'> > <query xmlns='http://jabber.org/protocol/bytestreams'> > <streamhost-used jid='streamhostproxy.example.net'/> > <publicKey>5AF9...[publicKeyInHex]...2C4</publicKey> > </query> > </iq> > The initiator and target can now secure their connection using SSL/TLS. The > initiator will simply allow self-signed certificates, and then, upon > successful TLS handshake, it will make sure the public key used matches the > public key it received via XMPP. > -Robbie Hanson > -Deusty Designs >
I don't really know much about encryption and security, but aren't public/private keys related to PGP? For TLS, I think it would be sufficient to just send the certificate's fingerprint that the initiator can check. Am I not correct?
