Dave Cridland wrote:
On Wed Aug 20 18:43:32 2008, Peter Saint-Andre wrote:

And that's not even to get into the Layer 8 issues of what the IETF security mafia might find acceptable -- RFC 3921 requires support for RFC 3923 and we need to substitute something reasonable for that ugly ugly S/MIME stuff that no one has ever implemented and no one ever will.

Hmmm... Now probably not a good time to mention that we probably *will* need to have a per-stanza signing (and possible encrypting) spec in some cases, too. Luckily, these are all specialist cases, like signing pubsub items, MUC messages, etc. And, erm, security labelling. Because this is signature stuff, X.509 is basically our single weapon of choice here - we could do S/MIME, therefore, but even the people doing this stuff now aren't using S/MIME.

FWIW, all the use cases I know of are not encrypted, just signed, at least for now - encrypted MUC or pubsub isn't on my radar.

Yes, I have heard of interest in signing pubsub notifications. MUC is another story, but I think we'd want a separate thread for that!
I'm vaguely hoping the W3C dsig stuff has ended up a bit more proven and working by the time we need this, though, so we again save ourselves from having to reinvent wheels.
Erk. /me signs up for [EMAIL PROTECTED] /psa
