From 6a6f013f4e54a74e5816c1ca3252e336e5aaf961 Mon Sep 17 00:00:00 2001
From: Kurt Zeilenga
Subject: Update discussions based upon introduction of Encapsulated Digital Signatures in XMPP,
+ an alternative to XEP-0285. At the time of this writing, XMPP E2E has not been widely implemented. XMPP E2E appears to
have limited applicability. The &xep0285; (XMPP DSIG), like the XMPP E2E, uses an encapsulating
- signature to protects the signed content from alteration as it is exchanged over an XMPP
- network. XMPP DSIG avoids certain dependencies which are believed to have hindered
- implementation of XMPP E2E. It is hoped that the XMPP DSIG will prove to be more viable
- solution than XMPP E2E. Like XMPP E2E, XMPP DSIG does not support optimistic signing. At the time of this writing, XMPP DSIG was just introduced. The &xep0027; (XMPP PGP), like the XMPP E2E, uses an encapsulating signature to protects
+ the signed content from alteration as it is exchanged over an XMPP network. Like
+ XMPP E2E, it is intended to be an end-to-end solution. At the time of this writing, XMPP PGP has not been widely implemented (though some
+ implementations do exist). XMPP PGP appears to have limited applicability. Alternative approaches have been developed. For instance, the Cross Domain Collaborative
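Review bot: the typo "to protects" is carried into the new XMPP PGP paragraph: the sentence "uses an encapsulating signature to protects" continues on the added line "+ the signed content from alteration as it is exchanged over an XMPP network." Since this sentence is being rewritten anyway, change it to "to protect"; the same slip sits in the removed XMPP DSIG lines ("signature to protects the signed content"), so it should not be copied forward. Also worth a look: the removed DSIG text stated that the scheme "does not support optimistic signing", while the replacement PGP paragraph says nothing either way; if that property is meant to hold for &xep0027; as well, say so here rather than leaving the section silent on it.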
@@ -265,14 +272,22 @@
While this approach has been implemented and deployed to some extent, the approach appears
to have applicability limited to the CDCIE. The &xmpp-dsig-new; (XMPP DSIG) is an encapsulated signature proposal similar to
+ that encapsulated approach suggested below. Unlike CDCIE-CCP approach, XMPP DSIG signatures are not "enveloped" signatures over the
+ whole stanza but signatures over a manifest and descriptive objects detailing the stanza
+ contents. An encapsulating signature is a signature approach that encapsulates the signed content
within the signature syntax. An encapsulated signature is a signature approach where the
- signature syntax in encapsulated within the structure of the signed content. XMPP E2E and
- XMPP DSIG are examples of the former. CDCIE-CCP is an example of the latter.
The following example illustrates, using pseudo language, an encapsulating signature over a &MESSAGE; stanza.
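Review bot: the entity &xmpp-dsig-new; used on the added line "The &xmpp-dsig-new; (XMPP DSIG) is an encapsulated signature proposal similar to" is not declared in any hunk shown here; unless it already exists in the document's entity declarations, the XML will not parse, so the declaration belongs in the same commit. Two wording fixes on the added lines: "similar to that encapsulated approach suggested below" reads better as "similar to the encapsulated approach suggested below", and "Unlike CDCIE-CCP approach" needs "the". Finally, the removed lines "- XMPP DSIG are examples of the former. CDCIE-CCP is an example of the latter." listed XMPP DSIG as an encapsulating example, whereas the new paragraph classifies it as encapsulated; the replacement for those removed lines is not visible in this excerpt, so confirm that the former/latter examples now pair XMPP E2E and XMPP PGP with encapsulating and CDCIE-CCP and XMPP DSIG with encapsulated, and that the removed definition's "signature syntax in encapsulated within" comes back as "is encapsulated within".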
@@ -311,8 +326,8 @@ ]]> -Applicability of a simple (non-nesting) encapsulating signatures, such as in XMPP E2E and - XMPP DSIG, are generally limited to end-to-end use cases. That is, cases where the +
Applicability of a simple (non-nesting) encapsulating signatures, such as in XMPP E2E + and XMPP PGP, are generally limited to end-to-end use cases. That is, cases where the originator of a stanza signs the stanza and send it through the XMPP network to its intended recipient, and only the intended recipient is expected to make use of the signed content. Entities between the signer and the intended recipient are expected to forward of the stanza @@ -456,12 +471,12 @@
-This document explores the possibility of an - approach that is similar to but simpler than RFC 3923. Like the approach detailed in RFC 3923, - the approach detailed does not support optimistic signing.
+This document explores the possibility of an approach that is similar to but simpler than + RFC 3923. Like the approach detailed in RFC 3923, the approach utilizes encapsulating + digital signatures.
+Like other encapsulating signature approaches (e.g., &xep0027;), this approach does not + support optimistic signing.
The process that a sending agent follows for securing stanzas is very similar regardless of
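Review bot: the rewrapped sentence in the -311,8 +326,8 hunk keeps a subject-verb mismatch: "Applicability of a simple (non-nesting) encapsulating signatures ... are generally limited" should read "Applicability of simple (non-nesting) encapsulating signatures ... is generally limited"; both lines are already being re-emitted to swap XMPP DSIG for XMPP PGP, so this is the place to fix it. The unchanged context that follows has two similar slips for a follow-up: "signs the stanza and send it" (sends) and "are expected to forward of the stanza" (forward the stanza).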
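Review bot: the added sentence "Like other encapsulating signature approaches (e.g., &xep0027;), this approach does not support optimistic signing." names only XEP-0027 as an example, although the sentence just before it aligns this approach with RFC 3923, and the removed lines ("the approach detailed does not support optimistic signing", said of RFC 3923's approach) are exactly the statement being moved; citing RFC 3923 alongside &xep0027; keeps that information instead of silently dropping it. Minor: "utilizes" on the added line "+ RFC 3923. Like the approach detailed in RFC 3923, the approach utilizes encapsulating" can simply be "uses", matching "uses an encapsulating signature" elsewhere in the document.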