I could have a bash at it today. I do have a demo tonight, but if I find free time then I will do it.
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Peter Saint-Andre
> Sent: Wednesday, August 20, 2008 7:25 AM
> To: XMPP Security
> Subject: Re: [Security] TLS Certificates Verification
>
> Greg Hudson wrote:
> > On Tue, 2008-08-19 at 21:56 -0600, Peter Saint-Andre wrote:
> >> It does? Negotiate a reliable transport, start an XML stream, and
> >> upgrade the stream to encrypted via STARTTLS, just like we currently do
> >> for client-to-server streams. How is that enormously complex? Granted,
> >> the reliable transport might not be raw TCP -- it might be a direct or
> >> mediated bytestream (XEP-0065), an in-band bytestream (XEP-0047), or
> >> some other reliable transport. But I don't see how that makes the
> >> complexity enormous.
> >
> > If existing TLS libraries can be used for XTLS, then my argument
> > collapses, since those same libraries are already used for channel
> > security. I'm skeptical that it will work; perhaps a proof of concept
> > is in order.
>
> I'm all for that. Unfortunately I'm just about the worst coder in the
> XMPP community, so I need to defer to others. I think Dirk Meyer has
> been working on this, but I'm not sure how far he's gotten.
>
> /psa
