[jdev] tls negotiation over. Then what ?

Matthew A. Miller linuxwolf at outer-planes.net
Sat Mar 18 07:26:27 CST 2006


You'll need to read RFC 2831 (Using Digest Authentication as a SASL 
Mechansim) to (hope to) understand the various bits.

 From the IETF:    http://www.ietf.org/rfc/rfc2831.txt
Formatted:           http://rfc-ref.org/RFC-TEXTS/2831/index.html

God luck...

Adrian Adrian wrote:
> By secure connection I mean being able to send and receive xml packets 
> that can't be intercepted and decoded by a third party. So anything 
> that achieves that is good for me.
>  
> I use the XIFF library for dealing with XMPP 
> (http://www.jivesoftware.org/xiff)
> It's built for Flash Actionscript 2.0 and it's exactly what I need 
> except it doesn't do TLS+SASL.
>  
> So let me get this straight:
> In order to use TLS + SASL :
> I send out a command <starttls bla bla />
> Server sends <proceed >
> I then start a new stream, select a mechanism (digest md-5),
> server sends a challenge (base64 encoded)
>  
> I decode that but I don't know what to send back. The specs say I 
> shoud send this :
>  
> username="somenode",realm="somerealm",\
> nonce="OA6MG9tEQGm2hh",cnonce="OA6MHXh6VqTrRk",\
> nc=00000001,qop=auth,digest-uri="xmpp/example.com",\
> response=d388dad90d4bbd760a152321f2143af7,charset=utf-8
> What are these : username, realm, nonce, cnonce, nc, qop, digest-uri, 
> response ?
> Where do I get them from ?
>  
> (Sorry to be dense)
>  
>  
>  
>
>
> */Peter Saint-Andre <stpeter at jabber.org>/* wrote:
>
>     -----BEGIN PGP SIGNED MESSAGE-----
>     Hash: SHA1
>
>     Adrian Adrian wrote:
>     > Hello,
>     > I'm totally new with the xmpp protocol so this questions may
>     seem too
>     > easy if not plain stupid.
>     > I want to comunicate with the the im (wildfire) server through
>     TLS.So I
>     > do what the docs tell me to do :
>     > I send this command :
>     >
>     > And server responds with :
>     >
>     > Now, if I read the docs correctly, I have to start a new stream and
>     > begin SASL negotiation. Is this correct ?
>     > If so, more questions will follow :) The digest-md5 is really
>     making my
>     > head spin.
>     > Isn't there an easier way to establish a secure connection ?
>     (without
>     > receiving challenges and stuff)
>
>     Depends on what you mean by secure. :-)
>
>     There is an older, nearly-deprecated method for authentication between
>     clients and servers:
>
>     http://www.jabber.org/jeps/jep-0078.html
>
>     In the old days clients could connect on a separate SSL-enabled port
>     (usually 5223, though that was never codified).
>
>     But with RFC 3920, it is preferred to upgrade to TLS on port 5222 and
>     then use SASL for authentication.
>
>     Are you writing your own library? Why not use one of the existing code
>     libraries that already does TLS+SASL?
>
>     Peter
>
>     - --
>     Peter Saint-Andre
>     Jabber Software Foundation
>     http://www.jabber.org/people/stpeter.shtml
>
>     -----BEGIN PGP SIGNATURE-----
>     Version: GnuPG v1.4.1 (Darwin)
>     Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
>     iD8DBQFEGyLANF1RSzyt3NURAh6NAKDL/MysQyIZMTzojaZQdBI1m3kL/ACgvRbz
>     45Y3Jk8Co9PM7AJ5QfZEnF4=
>     =Y+/I
>     -----END PGP SIGNATURE-----
>
>
> ------------------------------------------------------------------------
> Relax. Yahoo! Mail virus scanning 
> <http://us.rd.yahoo.com/mail_us/taglines/virusall/*http://communications.yahoo.com/features.php?page=221> 
> helps detect nasty viruses! 

-- 
-  LW

"Got JABBER(R)?" <http://www.jabber.org/>

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3543 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://mail.jabber.org/pipermail/jdev/attachments/20060318/2cf097f4/attachment-0002.bin>


More information about the JDev mailing list