Greg Hudson wrote:
On Tue, 2008-08-19 at 21:56 -0600, Peter Saint-Andre wrote:
It does? Negotiate a reliable transport, start an XML stream, and upgrade the stream to encrypted via STARTTLS, just like we currently do for client-to-server streams. How is that enormously complex? Granted, the reliable transport might not be raw TCP -- it might be a direct or mediated bytestream (XEP-0065), an in-band bytestream (XEP-0047), or some other reliable transport. But I don't see how that makes the complexity enormous.

If existing TLS libraries can be used for XTLS, then my argument collapses, since those same libraries are already used for channel security. I'm skeptical that it will work; perhaps a proof of concept is in order.

I'm all for that. Unfortunately I'm just about the worst coder in the XMPP community, so I need to defer to others. I think Dirk Meyer has been working on this, but I'm not sure how far he's gotten.
/psa
