Florian Zeitz wrote:
> Criticism and nitpicks:
> * Example 3 should probably have action='session-accept'
> * After "The following rules apply to the initiator's handling of the
> session-accept message:" only the 2. case where the certificate could
> not be verified is said to require user interaction. I'd personally also
> want to be asked what to do if encryption wasn't possible (1. case).
> * As Non-Human Parties may also be (web-)services. Maybe add encrypted
> E-mail to section 5.1. E.g. Launchpad knows your GPG-key, so they could
> in theory send you encrypted mail with a PIN.
> Or/and possibly something more general along the lines of: "If possible
> any out-of-band method a human could use to convey the PIN is
> practicable too" E.g. an Asterisk PBX may call you and 'read' a PIN to
> you (whether sth. like this would be secure depends on the type of
> telephony and suspected MITM attack of course, but that's a different topic)
> * Example 10 might need some ellipsis. XTLS being the only feature seems
> unlikely.
> * Possibly add some notes about bot2bot verification of certificates
> (using a CA I'd suspect)

Dirk has addressed most of these suggestions in version 0.0.4:

http://xmpp.org/extensions/inbox/jingle-xtls.html

Peter

--
Peter Saint-Andre
https://stpeter.im/
