Peter Saint-Andre <[email protected]> writes:

>> We could just try X.509 and do an SRP re-keying later if we cannot
>> verify the certificates. But at least my TLS lib does not support
>> this. Which reminds me of a problem: I talked to Klaus yesterday because
>> we both want to implement XTLS and do some interops. He uses DotNet and
>> the DotNet TLS layer does not support SRP. Before Dave jumps in and
>> promotes channel bindings: they won't work either. As far as I
>> understand channel bindings you need the TLS Finished messages for
>> it. DotNet has no support for this either.
>>
>> What we need is a way to make the channel secure WITHOUT any special
>> requirements from the TLS lib.
>
> Ideally, yes. The question is: what counts as a "special requirement"?
> As far as I know, both OpenSSL and GnuTLS now support SRP. I don't know
> whether they support channel bindings yet. It might help to make a list
> of the most common TLS libraries and figure out what features they
> support now and might support in future releases (e.g., perhaps the
> DotNet TLS layer will support SRP in the next release -- I have no idea).

I think that would be useful too -- as a TLS implementer it is difficult to know what features applications care about. I added a hook to get the TLS Finished messages (which is used for channel bindings) in GnuTLS some time ago when I suspected that some applications may want it. Having more feedback on what kind of features XMPP wants from TLS libraries will help TLS implementers (at least it will help me), and making the requirements explicit may help the decision on what is the best choice for XMPP too.

/Simon
