Eric Rescorla wrote: > > On Jan 14, 2009, at 2:54 PM, Peter Saint-Andre <[email protected]> wrote: > >> Eric Rescorla wrote: >>>> Earl wrote: >>>>> I believe XMPP should use ZRTP and require that ZRTP SASL *must* be >>>>> displayed >>>>> so that it can be vocally read to the other party to determine if >>>>> there >>>>> is a man in the middle. >>>>> >>> I don't think this is very realistic. As I said earlier there are lots >>> of situations where this doesn't work at all (e.g. IVR). And even in >>> human to human settings the available data suggests that people will not >>> actually check the sas. >> >> Plus you don't always (or even often) know what the other person is >> supposed to sound like. > > That said the tls wg has considered doing an sad feature several times. > A request for that feature from jabber/xmpp would be taken seriously
Once we get the basic "XTLS" stuff nailed, I think it's quite possible that we'd work together with some other interested parties to define SAS as a TLS extension. But first things first... /psa
