On Tuesday 02 June 2009 22:24:07 Simon Josefsson wrote: > While I like PGP/X509 to be used, I think it is important to also > support secure communication to happen based on a shared secret. While > the security industry likes to believe public key solutions will solve > everything, what normal people understand will continue to be > "passwords". And it should be possible to build a secure communication > system bootstrapped from a password. One approach is for > implementations to generate the X509/PGP certs on the fly, and > authenticate them using the shared secret.
I believe the consensus is that we should support passwords, X.509, and PGP. So don't worry, nobody's getting left out. :) Even the latest security spec, draft-meyer-xmpp-e2e-encryption-01, covers all three cases. I do like the suggestion of generating a self-signed X.509 certificate on the fly and protecting it with a password somehow. This way, every existing TLS library and language binding can be used to implement password-secured sessions. In contrast, draft-meyer-xmpp-e2e-encryption-01 specifies that passwords should be used natively in TLS, via the SRP extension. This approach is ideal from a protocol perspective, but comes with a high cost: developers may need to rework/switch TLS libraries. In my opinion, this is not XMPP's battle. I think being able to use "off the shelf" TLS libraries is a noble goal, and one we should choose over protocol purity. -Justin
