[Telepathy] XMPP: OpenPGP SASL mechanism
stpeter at stpeter.im
Wed Apr 17 09:02:43 PDT 2013
On 4/17/13 9:57 AM, Daniele Ricci wrote:
> On Wed, Apr 17, 2013 at 5:52 PM, Peter Saint-Andre <stpeter at stpeter.im> wrote:
>> Sure. You could do something like secure remote password, but if you
>> really want to use PGP then RFC 6091 is the right way to go (IMHO).
>> Perhaps we could discuss this topic on the standards at xmpp.org list?
> Sure. Just subscribed.
> But at this point I guess I should go ahead with RFC 6091;
> implementing a SASL protocol for something which is clearly (and
> should be, actually) addressed by TLS would be useless don't you
That is my opinion. Opinions may differ. :-)
I think we could have an interesting conversation about this on the XMPP
standards list, and you might find some other folks who want to
implement this on clients or servers. Personally I'd love to see wider
support for TLS-PGP, because it would help us get rid of password-based
authentication. There might be some challenges with key management (how
do I tell the XMPP server that I've generated a new key?), but key
management is always interesting. :-)
More information about the telepathy