Jonathan Schleifer wrote:
Am 20.08.2008 um 16:24 schrieb Remko Tronçon:> Upgrading a well-established securestandard to a new use case sounds slightly more fail-safe than creating a new one from the ground up.That has issues like: * Only works with keys which is user unfriendly
Please do some research about TLS. It is not limited to using keys (e.g., read RFC 5054).
* Was designed for server to client connection and not client to client connection.
I think you may be confusing "TLS server" and "TLS client" with "XMPP server" and "XMPP client". However, while I grant that SSL was originally designed for use between web servers and web clients, that doesn't mean it can't be used for other scenarios. You are committing the genetic fallacy. (Another example: the World Wide Web was designed for publishing physics papers, therefore it can't be used for electronic commerce.)
I don't see why everyone wants to use TLS for it, it really wasn't designed for that IMO!
Who cares, as long as it works? /psa
smime.p7s
Description: S/MIME Cryptographic Signature
