Matthias Wimmer wrote:
Alexander Gnauck schrieb:I agree with Justin, it shold be be that hard to implement if your TLS library gives you access to the stream. But what about the certificates?You can do TLS with and without certificates. If you are doing it with them you can use certificates issued by a CA or with self-signed ones, you can even use PGP keys as certificates in TLS (draft-ietf-tls-openpgp-keys-11.txt). If you are using TLS without certificates you can do anonymous key exchange, use preshared keys for authentication or use the Secure Remote Password protocol for authentication. So I don't think that certificates are a problem ...
Yes. There are TLS cipher-suites that don't require PKI (self-signed or whatever), so we could use those.
Peter -- Peter Saint-Andre XMPP Standards Foundation http://www.xmpp.org/xsf/people/stpeter.shtml
smime.p7s
Description: S/MIME Cryptographic Signature
