Justin Karneges wrote:
> On Wednesday 14 January 2009 15:44:51 Dirk Meyer wrote:
>> Peter Saint-Andre wrote:
>>> 1. Initiator sends Jingle session-initiate with offer, including hints
>>> about TLS methods and fingerprints
>>>
>>> 2. Initiator and responder agree on transport and negotiate IBB or
>>> SOCKS5 (or future ICE-TCP) connection
>> I agree up to this point.
>>
>>> 3. Parties start XML stream over negotiated transport (e.g.,
>>> encapsulated in IBB packets)
>>>
>>> 4. Parties upgrade stream using STARTTLS
>>>
>>> 5. If STARTTLS succeeds, the e2e stream is now secured
>> Why not skip all this and fire up the TLS lib after (2)? We know that we
>> want to use TLS, there is no point in doing all this.
>
> Especially if TLS is done as part of Jingle. Funny, we'd get TLS for free
> with Jingle and we'd get TLS for free with XMPP. Which one to use? :)
>
> I don't have a problem with either approach, and we may even want to allow
> both to be possible (but not at the same time).
>
> I do have a strong opinion on the layering though, that echoes what I said in
> my last mail:
>
> - If Jingle TLS is used, then hints/fingerprints (if any) must be offered at
> the Jingle level.
> - If Jingle TLS is not used, but XMPP STARTTLS is, then hints/fingerprints (if
> any) must be offered at the *application* level. That is, inside
> <description/>.
I don't grok your line of thinking here, but I will post separately on the topic.

/psa
