Dirk Meyer wrote:

"Jack Moffitt" wrote:

Second, can you start direct XMPP connections from Javascript at all? Ok, you could use some in-band connections and even employ some of the crypto stuff but... first applies. Lots of work for no real reason.

BOSH exists and supports TLS. It's also widely implemented.

And with Jingle to start e2e you can use IBB. XMPP over IBB over XMPP over BOSH. But I have no idea if you could use the normal starttls over that stream. How does BOSH handle this? Use TLS on the HTTP layer or use starttls?

The BOSH spec recommends using channel encryption between client and server at the HTTP (transport) layer, not the XMPP-over-HTTP (BOSH) layer. However for e2e encryption you could do STARTTLS for the e2e stream and the BOSH layer wouldn't care about that because it all happens in (say) IBB payloads.
/psa
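
The layering described in the reply above, as an added example (not part of the original message or of any project's code): the bytes of the e2e stream travel as base64 IBB `<data/>` chunks inside a BOSH `<body/>`, so the BOSH hop relays them without interpreting them. The JIDs, session ids, `rid` and the 4096-byte block size are constructed for illustration.

```python
import base64
import xml.etree.ElementTree as ET

BOSH_NS = "http://jabber.org/protocol/httpbind"   # XEP-0124 <body/> wrapper
IBB_NS = "http://jabber.org/protocol/ibb"         # XEP-0047 <data/> chunks
SEQ_MOD = 65536                                   # IBB seq is a 16-bit counter


def wrap_in_bosh(e2e_bytes, ibb_sid, to, rid, bosh_sid, first_seq=0, block=4096):
    """Carry opaque e2e (TLS) bytes as IBB chunks inside one BOSH <body/>."""
    body = ET.Element(f"{{{BOSH_NS}}}body", {"rid": str(rid), "sid": bosh_sid})
    for i, off in enumerate(range(0, len(e2e_bytes), block)):
        seq = (first_seq + i) % SEQ_MOD
        iq = ET.SubElement(body, "{jabber:client}iq",
                           {"type": "set", "to": to, "id": f"ibb-{seq}"})
        data = ET.SubElement(iq, f"{{{IBB_NS}}}data",
                             {"sid": ibb_sid, "seq": str(seq)})
        data.text = base64.b64encode(e2e_bytes[off:off + block]).decode("ascii")
    return ET.tostring(body, encoding="unicode")


def unwrap_from_bosh(body_xml, ibb_sid, expected_seq=0):
    """Rebuild the e2e byte stream at the peer; returns (bytes, next_seq)."""
    if "<!DOCTYPE" in body_xml:          # XMPP forbids DTDs; refuse before parsing
        raise ValueError("DTD not allowed in XMPP")
    out = bytearray()
    for data in ET.fromstring(body_xml).iter(f"{{{IBB_NS}}}data"):
        if data.get("sid") != ibb_sid:   # chunk for a different IBB session
            continue
        if data.get("seq") != str(expected_seq):
            raise ValueError("IBB chunk out of sequence")
        out += base64.b64decode(data.text or "", validate=True)
        expected_seq = (expected_seq + 1) % SEQ_MOD
    return bytes(out), expected_seq


if __name__ == "__main__":
    # Constructed stand-in for TLS records of the e2e stream (not a real handshake).
    records = bytes([0x16, 0x03, 0x01]) + bytes(range(256)) * 40
    xml = wrap_in_bosh(records, "e2e-1", "peer@example.org/web", 1001, "bosh-abc")
    stream, next_seq = unwrap_from_bosh(xml, "e2e-1")
    print(len(xml), stream == records, next_seq)
```

The HTTP request that carries this `<body/>` would itself go over TLS to the connection manager; that hop-by-hop protection is separate from the e2e stream inside the IBB payloads.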
