[standards-jig] Version 0.3 of JEP-0046 / DTCP

Jer jer at jabber.org
Mon Sep 23 15:08:45 CDT 2002


I'm wondering, since what I understand to be the more-important subset 
of DTCP is simply a standard way to express the multiple potential IP's 
associated with an endpoint (multiple interfaces, SOCKS, fw's, NATs, 
PASS-like gateways, etc) is instead using a variant of 
jabber:iq:negotiate (jep-20) for that purpose alone.

Right now iq:negotiate works in the opposite direction of what is 
needed, so instead would it be wrong to do a get with no options, and 
the recipient return the list of options (ip's in this case)?  For 
example:

<iq type="get" id="1" to="jack at jabber.org/client">
   <query xmlns="jabber:iq:negotiate">
     <feature type="ip-addresses"/>
   </query>
</iq>

<iq type="result" id="1" to="jill at jabber.org/pda">
   <query xmlns="jabber:iq:negotiate">
     <feature type="ip-addresses">
       <option>1.2.3.4</option>
       <option>2.3.4.5</option>
       <option>11.22.33.44</option>
     </feature>
   </query>
</iq>

Then, when any app using any namespace need to know a list of IP's that 
might represent some other entity, there is one common way of asking 
and serving such information.

Is this pushing iq:negotiate beyond it's intent too far?

Jer

On Monday, September 23, 2002, at 03:58 AM, Ben Schumacher wrote:

> Justin-
>
...
>> It is quite possible I don't understand all of the implications here. 
>>  I am
>> not a security expert..
>
> I don't claim to be either, but I can still see a potential weakness in
> your protocol in the current proposal.
>
> Cheers,
>
> bs.
>
> _______________________________________________
> Standards-JIG mailing list
> Standards-JIG at jabber.org
> http://mailman.jabber.org/listinfo/standards-jig




More information about the Standards-JIG mailing list