On Friday 16 March 2007 8:17 pm, Peter Saint-Andre wrote:
> Justin Karneges wrote:
> > If by XTLS you mean you want to define a usage of TLS (e.g. base64
> > encoding segments of a TLS stream), then that shouldn't be scary at all.
>
> Sure we'd have things like:
>
> <iq>
> <xtls xmlns='urn:xmpp:xtls'>base64</xtls>
> </iq>
>
> The TLS stuff would all be base64-encoded, just hand it off to OpenSSL
> and you're done. Sort of. :) We'd need to bubble the results up to the
> XMPP application layer so the client knows when the negotiation is done.
> And I'm sure there are subtleties. But that is the basic idea AFAICS.
I think you're done. :) Running TLS over an IBB (or similar) stream is not any different from running TLS over TCP, provided you don't have to fight your TLS library very much. The client knows when the TLS negotiation is completed because the TLS library says so. If we went this route, I'd suggest simply starting an XML stream over the TLS channel, and using that for stanza exchange. Voila, e2e. -Justin
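The exchange sketched above, run end to end as an added example that is not code from this thread or from any XMPP project: Go's crypto/tls stands in for OpenSSL, the two TLS endpoints talk only through base64 <xtls/> stanzas carried over a net.Pipe (playing the IBB stream), and once the library reports the handshake done, the client opens an XML stream inside the channel. Assumptions beyond the thread: one stanza per line as framing, 'urn:xmpp:xtls' taken from Peter's sketch, and a run-time self-signed certificate that the client pins rather than trusts blindly, since there is no CA for e2e peers to lean on.

```go
package main
import ("bufio"; "bytes"; "crypto/ecdsa"; "crypto/elliptic"; "crypto/rand"; "crypto/tls"; "crypto/x509"
	"encoding/base64"; "errors"; "fmt"; "io"; "math/big"; "net"; "strings"; "time")
// Assumed framing: one stanza per line, using the namespace sketched in the quoted mail.
const openTag, closeTag = "<xtls xmlns='urn:xmpp:xtls'>", "</xtls>"
// stanzaConn is the "hand it off to the TLS library" adapter: each record the library writes
// becomes one base64 <xtls/> stanza, and stanzas are unwrapped again on read.
type stanzaConn struct{ net.Conn; r *bufio.Reader; buf []byte /* decoded bytes TLS has not consumed yet */ }
func (c *stanzaConn) Write(p []byte) (int, error) {
	_, err := io.WriteString(c.Conn, openTag+base64.StdEncoding.EncodeToString(p)+closeTag+"\n")
	if err != nil { return 0, err }
	return len(p), nil
}
func (c *stanzaConn) Read(p []byte) (int, error) {
	for len(c.buf) == 0 { // pull stanzas until one yields TLS bytes
		line, err := c.r.ReadString('\n')
		if err != nil { return 0, err }
		line = strings.TrimSuffix(line, "\n")
		if !strings.HasPrefix(line, openTag) || !strings.HasSuffix(line, closeTag) {
			return 0, errors.New("xtls: expected an <xtls/> stanza") // anything else is a protocol error
		}
		if c.buf, err = base64.StdEncoding.DecodeString(line[len(openTag) : len(line)-len(closeTag)]); err != nil { return 0, err }
	}
	n := copy(p, c.buf); c.buf = c.buf[n:]
	return n, nil
}
// Handshake runs a TLS client and server over two stanza-wrapped net.Pipe ends, then sends the XML
// stream header the reply suggests; the server's throwaway self-signed cert is pinned, not trusted blindly.
func Handshake() (string, error) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil { return "", err }
	a, b := net.Pipe()
	srv := tls.Server(&stanzaConn{Conn: a, r: bufio.NewReader(a)}, &tls.Config{Certificates: []tls.Certificate{{Certificate: [][]byte{der}, PrivateKey: key}}})
	cli := tls.Client(&stanzaConn{Conn: b, r: bufio.NewReader(b)}, &tls.Config{
		InsecureSkipVerify: true, // skips chain and name checks only; the pin below still authenticates the peer
		VerifyPeerCertificate: func(raw [][]byte, _ [][]*x509.Certificate) error {
			if len(raw) > 0 && bytes.Equal(raw[0], der) { return nil }
			return errors.New("xtls: peer certificate does not match the pinned one")
		}})
	errc := make(chan error, 1); go func() { errc <- srv.Handshake() }()
	if err := cli.Handshake(); err != nil { return "", err } // "the TLS library says so" on the client side
	if err := <-errc; err != nil { return "", err }          // and on the server side
	go io.WriteString(cli, "<stream:stream xmlns='jabber:client' version='1.0'>") // pipe writes block until read
	buf := make([]byte, 256); n, err := srv.Read(buf)
	return string(buf[:n]), err
}
func main() { fmt.Println(Handshake()) }
```

Everything the server returns from Read has already been decrypted and authenticated by the TLS layer, so the stream header is the first protected XMPP bytes of the e2e session.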
