We received some initial feedback from an IETF security guru regarding encrypted sessions (XEP-0116 etc.). He thinks that, based on our requirements, we could simply re-use TLS semantics in XMPP syntax rather than define a completely new security protocol (which is considered to be a bad idea). Essentially this would treat XMPP as the transport layer, so instead of doing TLS over TCP (as we do for channel encryption) we would do TLS over XMPP for encrypted sessions between endpoints, where we communicate TLS primitives in XML syntax.

I have not yet had the time to investigate this approach, but I will look into the possibility before tomorrow's meeting of the XMPP Council. The relevant spec is RFC 4346:

http://www.ietf.org/rfc/rfc4346.txt

The good thing about this approach is that it would, I think, be immediately palatable to the IETF. I doubt that people could re-use existing TLS libraries directly since our syntax would be different, but conceptually the approaches would be the same.

Peter

--
Peter Saint-Andre
XMPP Standards Foundation
http://www.xmpp.org/xsf/people/stpeter.shtml


_______________________________________________
Security mailing list
[EMAIL PROTECTED]
http://mail.jabber.org/mailman/listinfo/security
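The idea sketched in the post, TLS as the security layer with XMPP as the transport, can be tried in a few dozen lines when the TLS library accepts a pluggable byte transport. The following is an added example and is not code from the post, the XSF, or any XEP: it wraps Go's standard crypto/tls so that every record batch travels inside a `<data/>` element (base64 character data), with an invented `urn:example:tls-over-xmpp` namespace standing in for whatever XMPP syntax such a spec would define. A throwaway self-signed ECDSA certificate is minted in-process for the "server" endpoint, an in-memory `net.Pipe` stands in for the XMPP stream, and a single message is echoed through the resulting session. The TLS stack itself is untouched; only the framing in `stanzaConn.Read`/`Write` changes, which is what makes a foreign stanza (wrong namespace, bad base64) fail before it can reach the TLS record layer.

```go
package main

import (
	"bufio"
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"encoding/base64"
	"encoding/xml"
	"fmt"
	"io"
	"math/big"
	"net"
	"time"
)

// stanza carries one chunk of TLS record bytes as base64 character data (namespace invented for this example).
type stanza struct {
	XMLName xml.Name `xml:"urn:example:tls-over-xmpp data"`
	Body    string   `xml:",chardata"`
}

// stanzaConn shows a newline-delimited stream of <data/> stanzas to crypto/tls as a plain byte stream.
type stanzaConn struct {
	net.Conn
	r   *bufio.Reader
	buf bytes.Buffer // decoded TLS bytes not yet handed to crypto/tls
}

// Write wraps each outgoing batch of TLS records in one stanza; Marshal cannot fail for this fixed struct.
func (s *stanzaConn) Write(p []byte) (int, error) {
	out, _ := xml.Marshal(stanza{Body: base64.StdEncoding.EncodeToString(p)})
	_, err := s.Conn.Write(append(out, '\n'))
	return len(p), err
}

// Read unwraps stanzas until decoded bytes are available; a wrong namespace or malformed base64 is an error.
func (s *stanzaConn) Read(p []byte) (int, error) {
	for s.buf.Len() == 0 {
		line, err := s.r.ReadBytes('\n')
		if err != nil {
			return 0, err
		}
		var st stanza
		if err := xml.Unmarshal(line, &st); err != nil {
			return 0, err
		}
		raw, err := base64.StdEncoding.DecodeString(st.Body)
		if err != nil {
			return 0, err
		}
		s.buf.Write(raw)
	}
	return s.buf.Read(p)
}

// selfSignedCert mints a throwaway ECDSA certificate for the demo server and a pool that trusts it.
func selfSignedCert(host string) (tls.Certificate, *x509.CertPool, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), DNSNames: []string{host},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour), IsCA: true, BasicConstraintsValid: true,
		KeyUsage: x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	leaf, _ := x509.ParseCertificate(der) // just produced by CreateCertificate, so it parses
	pool := x509.NewCertPool()
	pool.AddCert(leaf)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}, pool, nil
}

// runTLSOverStanzas does one handshake and one echo over an in-memory stanza transport; returns echo and TLS version.
func runTLSOverStanzas(msg string) (string, uint16, error) {
	cert, pool, err := selfSignedCert("server.example")
	if err != nil {
		return "", 0, err
	}
	a, b := net.Pipe() // unbuffered: every Write blocks until the peer reads it
	defer func() { a.Close(); b.Close() }()
	srv := tls.Server(&stanzaConn{Conn: a, r: bufio.NewReader(a)}, &tls.Config{Certificates: []tls.Certificate{cert},
		MinVersion: tls.VersionTLS13, SessionTicketsDisabled: true}) // a post-handshake ticket would deadlock the unbuffered pipe
	cli := tls.Client(&stanzaConn{Conn: b, r: bufio.NewReader(b)}, &tls.Config{RootCAs: pool, ServerName: "server.example"})
	go io.Copy(srv, srv)          // server side: handshake on first Read, then echo until the pipe closes
	cli.Write([]byte(msg + "\n")) // first Write runs the client handshake; any error resurfaces on Read
	echo, err := bufio.NewReader(cli).ReadString('\n')
	if err != nil {
		return "", 0, err
	}
	return echo[:len(echo)-1], cli.ConnectionState().Version, nil
}

func main() { fmt.Println(runTLSOverStanzas("hello over stanzas")) }
```

Running it prints the echoed text, the negotiated version (0x304 for TLS 1.3) and a nil error. The server certificate is verified by the client against the pool built from that same certificate, so the handshake is a real authenticated one rather than `InsecureSkipVerify`; a deployment would replace `selfSignedCert` with its own trust model, and the stanza framing with whatever the spec eventually defines.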
