On 3/9/09 12:31 AM, Robbie Hanson wrote:
> XEP-0065 (Socks5 Bytestreams) states in the "security considerations"
> section that "negotiation of [SSL/TLS] is outside the scope of this
> document". I believe this is no longer valid. For example, consider
> XEP-0189 (Public Key Publishing), and how the XMPP protocol could be
> used to help enable TLS encryption using self-signed certificates.
>
> I'd like to present a modest change to the protocol, which is backwards
> compatible, that would enable two clients to secure a bytestream
> connection, with the help of XMPP.

What you propose is something we're working on outside XEP-0065 so that we can use the same security framework for SOCKS5 Bytestreams, In-Band Bytestreams (XEP-0047), Raw UDP (XEP-0177), ICE-UDP (XEP-0176), and any other transport method we might define or re-use in Jingle. Please see here:

http://xmpp.org/internet-drafts/draft-meyer-xmpp-e2e-encryption-01.html

This uses the Jingle "shims" onto S5B and IBB recently published in XEP-0260 and XEP-0261:

http://xmpp.org/extensions/xep-0260.html
http://xmpp.org/extensions/xep-0261.html

See also XEP-0234 (Jingle File Transfer):

http://xmpp.org/extensions/xep-0234.html

If you'd like to discuss this further, please post to the [email protected] list:

http://mail.jabber.org/mailman/listinfo/security

/psa
