[JDEV] stunnell
Bernd Eckenfels
lists at lina.inka.de
Wed Dec 20 15:31:40 CST 2000
On Wed, Dec 20, 2000 at 12:44:09AM -0500, Sean Wieland wrote:
> Has anyone tried using stunnel the "universal SSL wrapper" with the
> Jabber server? If so, with what success and what issues were there?
> What does everyone think of just using stunnel to add SSL/TSL
> functionality to Jabber (which seems to be in spirit with Jabber design
> philosophy).
This is do-able. We can also add SSL to jpoold. The problem here is, that
SSL is not the best solution since the jabber framework is a distributed
one. We are much better with Message Encryption and Signing. This add such a
lot benefits:
- you do not need to trust the routing servers
- you can archive the messages and verify the sender all times
- you do not need special spoofing preventions between servers
- we do not need to spend vauable CPU cycles on servers with SSL
Of course it will chnage the way jabber messages look like, since most of
the namespaces besides the routing tags will be inside an encryption
envelop.
Greetings
Bernd
--
(OO) -- Bernd_Eckenfels at Wendelinusstrasse39.76646Bruchsal.de --
( .. ) ecki@{inka.de,linux.de,debian.org} http://home.pages.de/~eckes/
o--o *plush* 2048/93600EFD eckes at irc +497257930613 BE5-RIPE
(O____O) When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl!
More information about the JDev
mailing list