[JDEV] stunnell
Sean Wieland
windwalker at peacefire.org
Thu Dec 21 02:09:45 CST 2000
Bernd Eckenfels wrote:
>
> On Wed, Dec 20, 2000 at 12:44:09AM -0500, Sean Wieland wrote:
> > Has anyone tried using stunnel the "universal SSL wrapper" with the
> > Jabber server? If so, with what success and what issues were there?
> > What does everyone think of just using stunnel to add SSL/TLS
> > functionality to Jabber (which seems to be in spirit with Jabber design
> > philosophy).
>
> This is do-able. We can also add SSL to jpoold. The problem here is that
> SSL is not the best solution since the jabber framework is a distributed
> one. We are much better with Message Encryption and Signing. This adds a
> lot of benefits:
>
> - you do not need to trust the routing servers
> - you can archive the messages and verify the sender at all times
> - you do not need special spoofing prevention between servers
> - we do not need to spend valuable CPU cycles on servers with SSL
>
> Of course it will change the way jabber messages look, since most of
> the namespaces besides the routing tags will be inside an encryption
> envelope.
Why not do both? SSL/TLS for the TCP connections and GPG for message
encryption and signing?
> Greetings
> Bernd
-Sean
--
+-----=[export-a-crypto-system-sig RSA-3-lines-PERL]=-----+
|#!/bin/perl -sp0777i<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<j]dsj|
|$/=unpack('H*',$_);$_=`echo 16dio\U$k"SK$/SM$n\EsN0p[lN*1|
|lK[d2%Sa2/d0$^Ixp"|dc`;s/\W//g;$_=pack('H*',/((..)*)$/) |
+--------=[http://www.cypherspace.org/~adam/rsa/]=--------+
"Most people would rather die than think, and most people do."
-- Bertrand Russell