[Telepathy] XMPP: OpenPGP SASL mechanism

Simon McVittie simon.mcvittie at collabora.co.uk
Wed Apr 17 08:50:40 PDT 2013

On 17/04/13 16:18, Daniele Ricci wrote:
> Other than checking the server challenge for a specific syntax, is
> there any other way to make this secure? How do I prove that client
> has the private key it claims to have?

I am not a cryptographer and you have no particular reason to trust me,
so if I tell you something that sounds as though it ought to work, you
shouldn't believe me anyway :-)

Sorry, but (several of the uses of) PGP keys are too important to be
doing non-peer-reviewed crypto with them.

As psa mentioned, RFC 6091 is an Internet standard. If Wikipedia is to
be believed, GnuTLS is the only widespread implementation at the moment.


More information about the telepathy mailing list