Justin Karneges wrote:
> On Friday 16 March 2007 8:17 pm, Peter Saint-Andre wrote:
>> Justin Karneges wrote:
>>> If by XTLS you mean you want to define a usage of TLS (e.g. base64 encoding segments of a TLS stream), then that shouldn't be scary at all.
>>
>> Sure we'd have things like:
>>
>> <iq>
>>   <xtls xmlns='urn:xmpp:xtls'>base64</xtls>
>> </iq>
>>
>> The TLS stuff would all be base64-encoded, just hand it off to OpenSSL and you're done. Sort of. :) We'd need to bubble the results up to the XMPP application layer so the client knows when the negotiation is done. And I'm sure there are subtleties. But that is the basic idea AFAICS.
>
> I think you're done. :) Running TLS over an IBB (or similar) stream is not any different from running TLS over TCP, provided you don't have to fight your TLS library very much. The client knows when the TLS negotiation is completed because the TLS library says so.

I don't know if we need IBB for that, why not put it in a dedicated namespace? IBB is general, xtls is more specific.

> If we went this route, I'd suggest simply starting an XML stream over the TLS channel, and using that for stanza exchange. Voila, e2e.

What exactly is the TLS channel? My understanding is that you'd exchange these <message><xtls>base64</xtls></message> stanzas to do the negotiation and then you'd have a TLS channel over XMPP, so all your comms with the other person would now be included in those <xtls/> elements. But probably I'm missing something -- would we use <xtls/> only for the negotiation? If so, then what?
Peter

-- 
Peter Saint-Andre
XMPP Standards Foundation
http://www.xmpp.org/xsf/people/stpeter.shtml
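The XTLS idea the thread sketches, as an added Go example that is not from this thread or from any XSF code: every chunk the TLS library emits is base64-wrapped in an <xtls xmlns='urn:xmpp:xtls'/> stanza, the receiving side unwraps stanzas and feeds the bytes back to its TLS library, and completion is reported by the library (Go's crypto/tls stands in for OpenSSL here), not by the XMPP layer. The key, the self-signed certificate, the name juliet.example, the channel-based stanza transport and the decision to pin the peer certificate are constructed assumptions for the demo.

```go
package main
import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"encoding/base64"
	"math/big"
	"net"
	"strings"
	"time"
)
const xtlsOpen, xtlsClose = "<xtls xmlns='urn:xmpp:xtls'>", "</xtls>"
// stanzaConn is the XTLS transport: each Write by the TLS library becomes one <xtls> stanza on out, each Read
// drains the next stanza from in (decoded bytes wait in pending). Only Read and Write are used by the
// handshake; the embedded net.Pipe end carries no data and just fills in the rest of the net.Conn interface.
type stanzaConn struct{ net.Conn; in <-chan string; out chan<- string; pending []byte }
func (s *stanzaConn) Write(p []byte) (int, error) {
	s.out <- xtlsOpen + base64.StdEncoding.EncodeToString(p) + xtlsClose
	return len(p), nil
}
func (s *stanzaConn) Read(p []byte) (n int, err error) {
	for len(s.pending) == 0 && err == nil {
		stanza, ok := <-s.in
		if !ok { return 0, net.ErrClosed }
		s.pending, err = base64.StdEncoding.DecodeString(strings.TrimSuffix(strings.TrimPrefix(stanza, xtlsOpen), xtlsClose))
	}
	n = copy(p, s.pending); s.pending = s.pending[n:]
	return n, err
}

// HandshakeOverStanzas runs a TLS handshake carried entirely inside <xtls> stanzas and returns the negotiated
// version: the TLS library, not the XMPP layer, says when negotiation is done. Key, certificate and the name
// juliet.example are constructed for this demo.
func HandshakeOverStanzas() (uint16, error) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour), DNSNames: []string{"juliet.example"}}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	if err != nil { return 0, err }
	pool := x509.NewCertPool()
	leaf, _ := x509.ParseCertificate(der); pool.AddCert(leaf) // pin exactly this peer cert; never InsecureSkipVerify for e2e
	toSrv, toCli := make(chan string, 4), make(chan string, 4)
	pa, pb := net.Pipe()
	srv := tls.Server(&stanzaConn{Conn: pa, in: toSrv, out: toCli}, &tls.Config{Certificates: []tls.Certificate{{Certificate: [][]byte{der}, PrivateKey: priv}}, SessionTicketsDisabled: true})
	cli := tls.Client(&stanzaConn{Conn: pb, in: toCli, out: toSrv}, &tls.Config{RootCAs: pool, ServerName: "juliet.example"})
	done := make(chan error, 1); go func() { done <- cli.Handshake() }()
	if err := srv.Handshake(); err != nil { return 0, err }
	if err := <-done; err != nil { return 0, err }
	return cli.ConnectionState().Version, nil
}
```

Once HandshakeOverStanzas returns, both tls.Conn values are ready for application data, so an XML stream written through srv or cli would travel inside <xtls/> stanzas exactly as the thread proposes.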
