On Wednesday 14 January 2009 15:44:51 Dirk Meyer wrote:
> Peter Saint-Andre wrote:
> > 1. Initiator sends Jingle session-initiate with offer, including hints
> > about TLS methods and fingerprints
> >
> > 2. Initiator and responder agree on transport and negotiate IBB or
> > SOCKS5 (or future ICE-TCP) connection
>
> I agree up to this point.
>
> > 3. Parties start XML stream over negotiated transport (e.g.,
> > encapsulated in IBB packets)
> >
> > 4. Parties upgrade stream using STARTTLS
> >
> > 5. If STARTTLS succeeds, the e2e stream is now secured
>
> Why not skip all this and fire up the TLS lib after (2)? We know that we
> want to use TLS, there is no point in doing all this.
Especially if TLS is done as part of Jingle. Funny, we'd get TLS for free
with Jingle and we'd get TLS for free with XMPP. Which one to use? :)

I don't have a problem with either approach, and we may even want to allow
both to be possible (but not at the same time).

I do have a strong opinion on the layering though, that echoes what I said
in my last mail:

- If Jingle TLS is used, then hints/fingerprints (if any) must be offered
  at the Jingle level.
- If Jingle TLS is not used, but XMPP STARTTLS is, then hints/fingerprints
  (if any) must be offered at the *application* level. That is, inside
  <description/>.

-Justin
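The layering rule Justin states above, worked as an added example that is not part of the original thread or of any XEP: the session-initiate carries the certificate fingerprint hint either in a Jingle-level <security/> element (Jingle does TLS) or inside <description/> (XMPP STARTTLS is used above the transport), a receiver locates the hint by layer and rejects an offer that carries hints at both layers, and after the TLS handshake the peer certificate is pinned to the offered fingerprint. The Jingle and IBB transport namespaces are the real ones; the application and XTLS security namespaces, the <security/> element, the JID and session ids, and the DER certificate bytes are placeholders constructed for this example.

```python
import hashlib
import hmac
import xml.etree.ElementTree as ET

# urn:xmpp:jingle:1 and the IBB transport namespace are real Jingle
# namespaces; the application and XTLS security namespaces are assumed
# placeholders for this example, not names taken from the thread.
NS_JINGLE = "urn:xmpp:jingle:1"
NS_IBB = "urn:xmpp:jingle:transports:ibb:1"
NS_APP = "urn:example:jingle:apps:xmlstream"     # assumed
NS_XTLS = "urn:example:jingle:security:xtls"     # assumed

# Constructed stand-in for a DER-encoded peer certificate; not a real cert.
PEER_CERT_DER = b"\x30\x82\x01\x0a" + bytes(range(256)) + b"end-entity"


def cert_fingerprint(cert_der: bytes) -> str:
    """SHA-256 fingerprint of a DER certificate as colon-separated hex."""
    hexdigest = hashlib.sha256(cert_der).hexdigest().upper()
    return ":".join(hexdigest[i:i + 2] for i in range(0, len(hexdigest), 2))


def build_session_initiate(sid: str, fingerprint: str, use_jingle_tls: bool) -> str:
    """Build the offer with the hint placed according to the layering rule:
    in a Jingle-level <security/> when Jingle itself does TLS, otherwise
    inside <description/> because XMPP STARTTLS runs above the transport."""
    iq = ET.Element("iq", type="set", id="xtls1")
    jingle = ET.SubElement(iq, "jingle", xmlns=NS_JINGLE, action="session-initiate",
                           initiator="romeo@example.net/orchard", sid=sid)
    content = ET.SubElement(jingle, "content", creator="initiator", name="xmlstream")
    description = ET.SubElement(content, "description", xmlns=NS_APP)
    ET.SubElement(content, "transport", xmlns=NS_IBB, sid=sid + "-ibb",
                  **{"block-size": "4096"})
    hint = ET.Element("fingerprint", hash="sha-256")
    hint.text = fingerprint
    if use_jingle_tls:
        ET.SubElement(content, "security", xmlns=NS_XTLS).append(hint)
    else:
        description.append(hint)
    return ET.tostring(iq, encoding="unicode")


def find_fingerprint_hints(stanza: str) -> dict:
    """Return {layer: (hash_algo, fingerprint)} for every layer carrying a hint.
    The <fingerprint/> child inherits the default namespace of its parent."""
    root = ET.fromstring(stanza)
    paths = {
        "jingle": f".//{{{NS_XTLS}}}security/{{{NS_XTLS}}}fingerprint",
        "application": f".//{{{NS_APP}}}description/{{{NS_APP}}}fingerprint",
    }
    hints = {}
    for layer, path in paths.items():
        el = root.find(path)
        if el is not None:
            hints[layer] = (el.get("hash"), (el.text or "").strip())
    return hints


def hints_well_layered(stanza: str) -> bool:
    """Accept only offers that carry hints at exactly one layer (never both)."""
    return len(find_fingerprint_hints(stanza)) == 1


def verify_peer_cert(cert_der: bytes, hint: tuple) -> bool:
    """After the TLS handshake, pin the presented certificate to the offered
    hint; an unsupported hash counts as no usable hint and fails closed."""
    algo, expected = hint
    if algo != "sha-256":
        return False
    return hmac.compare_digest(cert_fingerprint(cert_der), expected)


if __name__ == "__main__":
    fp = cert_fingerprint(PEER_CERT_DER)
    for jingle_tls in (True, False):
        offer = build_session_initiate("sess1", fp, jingle_tls)
        hints = find_fingerprint_hints(offer)
        print(offer)
        print("hint layer:", list(hints), "well layered:", hints_well_layered(offer))
        layer = "jingle" if jingle_tls else "application"
        print("peer cert matches hint:", verify_peer_cert(PEER_CERT_DER, hints[layer]))
```

Whichever layer the hint is offered at, the check that matters for end-to-end security is the same: once the TLS handshake completes (over the Jingle transport, or via STARTTLS on the encapsulated XML stream), the peer's certificate must match the fingerprint that was offered before the transport was negotiated, and an offer that carries hints at both layers is refused rather than guessed at.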
