Dirk Meyer wrote:
> Peter Saint-Andre wrote:
>> I still think it would be really cool to do authentication of client to
>> server using OpenPGP keys...
> 
> I'm not sure how. OpenPGP is a web-of-trust. How can we create something
> a server trusts? 

I think the idea is that after the original password login you would
inform the server of your public key (over an encrypted, authenticated
connection) and the server would simply associate that key with your
account for future logins. This would enable you to do passwordless
login going forward.

> IMHO TLS with OpenPGP is good for c2c authentication
> but hard for c2s.

Yes, this is even better for e2e.

> For c2s I still propose a XEP to upload keys. 
> 
> See my post from 09-10-2008, 11:26 AM in
> http://www.jabberforum.org/archive/index.php/t-743.html

I'll look at that again, thanks for the reminder. :)

Peter

-- 
Peter Saint-Andre
https://stpeter.im/
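
The enrollment-then-passwordless-login flow described in the message above, as an added example that is not part of the original thread or of any XEP. It assumes Ed25519 keys from Node's built-in `crypto` module in place of OpenPGP keys, a SHA-256 hash of the public key in place of an OpenPGP fingerprint, and hypothetical function names and in-memory storage.

```javascript
const crypto = require('crypto');

// Hypothetical in-memory server state; all names here are illustrative.
const accounts = new Map(); // jid -> { salt, hash, keys: Map(fingerprint -> KeyObject) }
const pending = new Map();  // jid -> outstanding single-use nonce

const pwHash = (pw, salt) => crypto.scryptSync(pw, salt, 32);
const fingerprint = (pub) => crypto.createHash('sha256')
  .update(pub.export({ type: 'spki', format: 'der' })).digest('hex');
// Bind the signature to the account name as well as the nonce.
const signedBlob = (jid, nonce) => Buffer.concat([Buffer.from(jid + '\0'), nonce]);

function register(jid, password) {
  const salt = crypto.randomBytes(16);
  accounts.set(jid, { salt, hash: pwHash(password, salt), keys: new Map() });
}

// Enrollment: the password check gates it, so only the account owner can
// associate a public key with the account. Returns the fingerprint or null.
function enrollKey(jid, password, publicKeyPem) {
  const acct = accounts.get(jid);
  if (!acct || !crypto.timingSafeEqual(acct.hash, pwHash(password, acct.salt))) return null;
  const pub = crypto.createPublicKey(publicKeyPem);
  const fp = fingerprint(pub);
  acct.keys.set(fp, pub);
  return fp;
}

// Later logins: the server issues a fresh random nonce per attempt.
function challenge(jid) {
  const nonce = crypto.randomBytes(32);
  pending.set(jid, nonce);
  return nonce;
}

// Client side: sign the challenge with the private key that never leaves the client.
function clientSign(jid, nonce, privateKey) {
  return crypto.sign(null, signedBlob(jid, nonce), privateKey);
}

// The server accepts only a valid signature from a key enrolled for this account.
function loginWithKey(jid, fp, signature) {
  const nonce = pending.get(jid);
  pending.delete(jid); // consume the nonce so a captured signature cannot be replayed
  const pub = accounts.get(jid)?.keys.get(fp);
  if (!nonce || !pub) return false;
  return crypto.verify(null, signedBlob(jid, nonce), pub, signature);
}
```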
