On 17/04/13 16:18, Daniele Ricci wrote: > Other than checking the server challenge for a specific syntax, is > there any other way to make this secure? How do I prove that client > has the private key it claims to have?
I am not a cryptographer and you have no particular reason to trust me, so if I tell you something that sounds as though it ought to work, you shouldn't believe me anyway :-) Sorry, but (several of the uses of) PGP keys are too important to be doing non-peer-reviewed crypto with them. As psa mentioned, RFC 6091 is an Internet standard. If Wikipedia is to be believed, GnuTLS is the only widespread implementation at the moment. S _______________________________________________ telepathy mailing list telepathy@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/telepathy