[jdev] Signing (Was: Alternate MUC Authentication Mechanisms)
Peter Saint-Andre
stpeter at stpeter.im
Sat Oct 16 19:55:13 CST 2010
On 10/16/10 7:13 PM, Kurt Zeilenga wrote:
>
> On Oct 14, 2010, at 4:32 AM, Dave Cridland wrote:
>
>> So this means writing a SASL-in-77 spec (not impossible), and
>> working on a signing spec (Kurt, with whom I work, proposed
>> XEP-0285, but I think we've convinced him into a different
>> approach now).
>
> Well I think I and another colleague have convinced some that an
> approach I previously proposed is generally more suitable. :-) That
> is, I've long preferred an 'encapsulated' approaches over
> 'encapsulating' approaches for a number of reasons. XEP 285 came
> about due to some folks pushing back I got from the encapsulated XML
> DSIG approach discussed in XEP 274, in particular how XML elements
> were referenced from the manifest being signed and the
> canonicalization requirements, as well as general dependency on XML
> DSIG.
>
> My current plan is to introduce a 'simplified' encapsulated
> specification and then let the community/market decide which to
> progress. I hope to have this alternative drafted in the next few
> weeks.
>
> And, yes, this could be used as a way to 'authenticate' authorized
> users into rooms (clients can sign the join stanzas, the MUC service
> can verify those signatures, and then choose whether to allow the
> join or not).
That seems a lot less flexible than SASL, because you're basically
allowing only certificate-based authentication. But maybe I'm missing
someting about your proposal...
Peter
--
Peter Saint-Andre
https://stpeter.im/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 6105 bytes
Desc: S/MIME Cryptographic Signature
URL: <https://www.jabber.org/jdev/attachments/20101016/6d401538/attachment.bin>
More information about the JDev
mailing list