[JDEV] Security in XMPP/Jabber: some questions

jabber_jdev at aeiou.pt jabber_jdev at aeiou.pt
Fri May 23 04:55:25 CDT 2003


hi all

first of all i would like to say thx to everyone who have answered
this mail with some explanation, that's the best way to beeing lerning
about this...

after reading your mail and all the answers, from David, Rob, etc,
i've made myself a little research too and i would like to keep asking
about xmpp/jabber security:

if we take a closer look about SASL there's kerberos, tsl - that is
the ietf version of netscape's ssl ver 3 , GSSAPI - i've to admit that
i didnt understand this mechanism much , s/key and external mechanisms
of authentication... and my question is, why not a simple
authentication using the pki and based on certification authorities?
public keys, diffie-helman agreement to create session kyes,
zero-knowledge agreement between servers and clients (note, not
between clients and servers, server must identify himself first),
chalange-answer between clients and servers, and one of this two
between servers and servers ... i think this is pretty much secure
than anything ...

i would like to have your oppinion about this

thx


 
_________________________________________________________

Bolsa de Emprego AEIOU: simples, rápido, resultados imediatos.
http://emprego.aeiou.pt




More information about the JDev mailing list