-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 6/2/09 1:56 PM, Dave Cridland wrote: > On Tue Jun 2 18:56:35 2009, Jonathan Schleifer wrote: >> What if DSA gets completely broken someday? Then we're screwed. And if >> we want to be algorithm-independant, we need to implement something >> very similar to OpenPGP anyway. > > Or TLS. > > Which, incidentally, can use PGP keys.
AFAIK only GnuTLS has (experimental) support for RFC 5081 (which is itself experimental): http://tools.ietf.org/html/rfc5081 > But in any case, I don't think the crypto is actually the tricky bit > with single-message stuff, it's formatting, since ideally you want to > sign everything (including <iq/>) in a way that lets those signatures be > ignorable to naïve actors, which is going to be a tough one to solve. > (Easy for messages, but impossible for <iq/> as far as I can see.) Some folks who said they were using XMLdsig for XMPP were lobbying me to relax the one-payload rule for IQs so that they could include the signature along with the regular payload. But that's a topic for the newly restarted XMPP WG: http://tools.ietf.org/wg/xmpp/ Peter - -- Peter Saint-Andre https://stpeter.im/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.8 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkolhTcACgkQNL8k5A2w/vyY1ACfRuRkoj/ICCmYnalB04clxts4 qIoAnj+tEuoSIbSqs8BhBZ/gMNytusHI =yDRQ -----END PGP SIGNATURE-----
