[JDEV] Security in XMPP/Jabber: some questions
jabber_jdev at aeiou.pt
jabber_jdev at aeiou.pt
Fri May 23 04:55:25 CDT 2003
hi all
first of all i would like to say thx to everyone who have answered
this mail with some explanation, that's the best way to beeing lerning
about this...
after reading your mail and all the answers, from David, Rob, etc,
i've made myself a little research too and i would like to keep asking
about xmpp/jabber security:
if we take a closer look about SASL there's kerberos, tsl - that is
the ietf version of netscape's ssl ver 3 , GSSAPI - i've to admit that
i didnt understand this mechanism much , s/key and external mechanisms
of authentication... and my question is, why not a simple
authentication using the pki and based on certification authorities?
public keys, diffie-helman agreement to create session kyes,
zero-knowledge agreement between servers and clients (note, not
between clients and servers, server must identify himself first),
chalange-answer between clients and servers, and one of this two
between servers and servers ... i think this is pretty much secure
than anything ...
i would like to have your oppinion about this
thx
_________________________________________________________
Bolsa de Emprego AEIOU: simples, rápido, resultados imediatos.
http://emprego.aeiou.pt
More information about the JDev
mailing list