Hi people! My name is Daniele Ricci, I'm the lead developer and founder of the Kontalk messaging project [1]. Since we are switching to XMPP, I'm considering also desktop clients for Kontalk. I decided to use OpenPGP encryption, even for authentication. I've developed a simple SASL mechanism for Twisted (both server-side and client-side) available in the xmppserver repository [2] (client-side code can be found in test/bot_utils.py). Since there is no standard (at least that I know, after my research), I made this up:
C: <auth xmlns='urn:ietf:params:xml:ns:xmpp-sasl' mechanism='OPENPGP'>[base64-encoded client public key]</auth>
S: <challenge xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>[random challenge]</challenge>
C: <response xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>[challenge signed using client private key]</response>

The need to send the client public key at the beginning is because Kontalk doesn't have a users database by design, so authentication and identification are achieved through a single process. The server then checks for a valid signature on the public key before continuing, and of course the signed challenge would be compared against the key the client sent in the first place.

Including this in telepathy would require a patch, which I don't know would be accepted into the mainline, since there is no RFC, no defined standard, nothing. I know. I came here with this proposal to see if it could bring some interest.

Bye

[1] https://code.google.com/p/kontalk/
[2] https://code.google.com/p/kontalk/source/checkout?repo=xmppserver

--
Daniele

_______________________________________________
telepathy mailing list
telepathy@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/telepathy
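The three-message exchange described in the post, written out as an added example with both the client and the server side. This is not code from the Kontalk xmppserver repository or from Daniele's Twisted mechanism; it is a stand-alone sketch in Go. It assumes Ed25519 as a stand-in for the client's OpenPGP key, and models the "valid signature on the public key" step as a self-signature appended to the raw key in the <auth> payload (a simplification of an OpenPGP self-signed key packet). The element framing, the 32-byte random challenge and the Server/ClientKey/Exchange names are all assumptions, not the project's API. The server keeps the key it received in <auth> and the challenge it issued as per-session state, so the <response> is verified against exactly that key and that challenge and nothing else.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/base64"
	"errors"
	"fmt"
	"strings"
)

const saslNS = "urn:ietf:params:xml:ns:xmpp-sasl"

// ClientKey is the client's long-term signing key pair (Ed25519 stands in
// for the OpenPGP key; assumption of this example).
type ClientKey struct {
	pub  ed25519.PublicKey
	priv ed25519.PrivateKey
}

func NewClientKey() (*ClientKey, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &ClientKey{pub: pub, priv: priv}, nil
}

// KeyBlob is the exported public key: raw key bytes followed by a
// self-signature over them (models the OpenPGP self-signature check).
func (k *ClientKey) KeyBlob() []byte {
	blob := make([]byte, 0, ed25519.PublicKeySize+ed25519.SignatureSize)
	blob = append(blob, k.pub...)
	return append(blob, ed25519.Sign(k.priv, k.pub)...)
}

// AuthElement is the first message: the client's public key, base64-encoded.
func (k *ClientKey) AuthElement() string {
	return fmt.Sprintf("<auth xmlns='%s' mechanism='OPENPGP'>%s</auth>",
		saslNS, base64.StdEncoding.EncodeToString(k.KeyBlob()))
}

// ResponseElement is the third message: the challenge signed with the private key.
func (k *ClientKey) ResponseElement(challenge []byte) string {
	sig := ed25519.Sign(k.priv, challenge)
	return fmt.Sprintf("<response xmlns='%s'>%s</response>",
		saslNS, base64.StdEncoding.EncodeToString(sig))
}

// Server keeps per-session state: the key presented in <auth> and the
// challenge it issued, so the response is checked against exactly those.
type Server struct {
	presentedKey ed25519.PublicKey
	challenge    []byte
}

// HandleAuth decodes the key blob, verifies its self-signature, and issues
// a fresh 32-byte random challenge.
func (s *Server) HandleAuth(authPayloadB64 string) (string, error) {
	blob, err := base64.StdEncoding.DecodeString(authPayloadB64)
	if err != nil {
		return "", err
	}
	if len(blob) != ed25519.PublicKeySize+ed25519.SignatureSize {
		return "", errors.New("malformed key blob")
	}
	pub := ed25519.PublicKey(blob[:ed25519.PublicKeySize])
	if !ed25519.Verify(pub, pub, blob[ed25519.PublicKeySize:]) {
		return "", errors.New("key self-signature invalid")
	}
	s.presentedKey, s.challenge = pub, make([]byte, 32)
	if _, err := rand.Read(s.challenge); err != nil {
		return "", err
	}
	return fmt.Sprintf("<challenge xmlns='%s'>%s</challenge>",
		saslNS, base64.StdEncoding.EncodeToString(s.challenge)), nil
}

// HandleResponse verifies the signature over the outstanding challenge using
// the key from <auth>; the challenge is consumed so it cannot be reused.
func (s *Server) HandleResponse(respPayloadB64 string) (bool, error) {
	if s.challenge == nil {
		return false, errors.New("no outstanding challenge")
	}
	sig, err := base64.StdEncoding.DecodeString(respPayloadB64)
	if err != nil {
		return false, err
	}
	ok := ed25519.Verify(s.presentedKey, s.challenge, sig)
	s.challenge = nil
	return ok, nil
}

// payload returns the character data of one SASL element (between '>' and '</').
func payload(elem string) string {
	start, end := strings.Index(elem, ">")+1, strings.LastIndex(elem, "</")
	if start <= 0 || end < start {
		return ""
	}
	return elem[start:end]
}

// Exchange runs the full flow: <auth> built from presented, <response> signed
// by signer. It only succeeds when signer holds the key that was presented.
func Exchange(presented, signer *ClientKey) (bool, error) {
	srv := &Server{}
	chalElem, err := srv.HandleAuth(payload(presented.AuthElement()))
	if err != nil {
		return false, err
	}
	chal, err := base64.StdEncoding.DecodeString(payload(chalElem))
	if err != nil {
		return false, err
	}
	return srv.HandleResponse(payload(signer.ResponseElement(chal)))
}

func main() {
	alice, _ := NewClientKey()
	other, _ := NewClientKey()
	ok, _ := Exchange(alice, alice)
	fmt.Println("challenge signed by the presented key:", ok)
	ok, _ = Exchange(alice, other)
	fmt.Println("challenge signed by a different key:", ok)
}
```

The two properties worth checking in any implementation of this mechanism are visible in Exchange: a response signed by any key other than the one presented in <auth> is rejected, and because the challenge is random per session and consumed once verified, a captured <response> is useless against a later session.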