[Telepathy] XMPP: OpenPGP SASL mechanism

Daniele Ricci daniele.athome at gmail.com
Wed Apr 17 07:49:31 PDT 2013


Hi people!
My name is Daniele Ricci, I'm the lead developer and founder of the
Kontalk messaging project [1].
Since we are switching to XMPP, I'm considering also desktop clients
for Kontalk.
I decided to use OpenPGP encryption, even for authentication. I've
developed a simple SASL mechanism for Twisted (both server-side and
client-side) available in the xmppserver repository [2] (client-side
code can be found in test/bot_utils.py). Since there is no standard
(at least that I know, after my research), I made this up:

C: <auth xmlns='urn:ietf:params:xml:ns:xmpp-sasl'
mechanism='OPENPGP'>[base64-encoded client public key]</auth>
S: <challenge xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>[random
challenge]</challenge>
C: <response xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>[challenge
signed using client private key]</response>

The need to send the client public key at the beginning it's because
Kontalk doesn't have a users database by design, so authentication and
identification is achieved through a single process. Server then
checks a valid signature on the public key before continuing and of
course signed challenge would be compared with the key the client sent
in the first place.

Including this in telepathy would require a patch which I don't know
if it would be accepted to the mainline, since there is no RFC, no
defined standard, nothing. I know. I came here with this proposal to
see if it could bring some interest.

Bye

[1] https://code.google.com/p/kontalk/
[2] https://code.google.com/p/kontalk/source/checkout?repo=xmppserver

-- 
Daniele


More information about the telepathy mailing list