On Thu, Mar 5, 2009 at 7:43 AM, Justin Karneges <[email protected]> wrote:
> On Thursday 05 March 2009 05:48:22 Dirk Meyer wrote:
>> Simon Josefsson wrote:
>> > Having more feedback on what kind of features XMPP wants from TLS
>> > libraries will help TLS implementers (at least it will help me), and
>> > making the requirements explicit may help the decision on what is the
>> > best choice for XMPP too.
>>
>> For OpenSSL and GnuTLS it is more about features of the bindings. Both
>> libs have SRP and Finished message support for channel-bindings. But the
>> Python bindings (that is what I care about) only support X.509. Well, it
>> is even worse: OpenSSL's Python bindings are old and not updated
>> anymore, GnuTLS does not have real bindings (only some strange ctypes
>> based code flying around without real project homepage).
>>
>> I don't know about Ruby, C#, or any other language. GnuTLS only seems to
>> have suitable Guile bindings -- but seriously, who uses these?
>
> This is exactly why I think we should try to find a solution that doesn't
> require modification to existing TLS APIs. We've already felt enough pain
> just from XML APIs being inadequate for XMPP streaming (are people done yet
> homebrewing their parsers with Java/.NET?). Let's not repeat all of that
> again with TLS, at least for the common scenarios we are targeting.

This is of course reasonable, but if the solution involves writing a
whole bunch of new crypto code in XMPP that seems undesirable as well,
no?

-Ekr
