On Thursday 05 March 2009 05:48:22 Dirk Meyer wrote:
> Simon Josefsson wrote:
> > Having more feedback on what kind of features XMPP wants from TLS
> > libraries will help TLS implementers (at least it will help me), and
> > making the requirements explicit may help the decision on what is the
> > best choice for XMPP too.
>
> For OpenSSL and GnuTLS it is more about features of the bindings. Both
> libs have SRP and Finished message support for channel-bindings. But the
> Python bindings (that is what I care about) only support X.509. Well, it
> is even worse: OpenSSL's Python bindings are old and not updated
> anymore, GnuTLS does not have real bindings (only some strange ctypes
> based code flying around without real project homepage).
>
> I don't know about Ruby, C#, or any other language. GnuTLS only seems to
> have suitable Guile bindings -- but seriously, who uses these?

This is exactly why I think we should try to find a solution that doesn't require modification to existing TLS APIs. We've already felt enough pain just from XML APIs being inadequate for XMPP streaming (are people done yet homebrewing their parsers with Java/.NET?). Let's not repeat all of that again with TLS, at least for the common scenarios we are targeting.

-Justin
