[Standards-JIG] proto-JEP: Proposed Stream Feature Improvements
Tony Finch
dot at dotat.at
Mon Aug 14 08:40:21 CDT 2006
On Sun, 13 Aug 2006, Joe Hildebrand wrote:
> There's another reason, which is that as a part of the SASL negotiation, in
> theory, you can start a security (integrity and/or privacy) layer. Just as we
> need to discard all information about the previous stream after we do
> start-tls (to prevent against man-in-the-middle attacks) we also need to
> discard the previous stream if we've negotiated a security layer, because we
> can't trust it.
>
> If the client knew that no security layer had been negotiated, and it could
> reuse the existing stream, it could tell the server not to bother with sending
> a new stream... but then it might as well have started a new stream.
In SMTP you implicitly continue using the existing context if SASL doesn't
establish a security layer. That is, the application layer at both ends is
told by the SASL layer whether or not a security layer is established, so
the application (SMTP or XMPP) knows whether or not it needs to re-start
without extra signalling.
Tony.
--
f.a.n.finch <dot at dotat.at> http://dotat.at/
FISHER: WEST OR NORTHWEST 4 OR 5 BECOMING VARIABLE 3 OR 4. FAIR. MODERATE OR
GOOD.
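The behaviour described in the message above, sketched as an added example that is not part of the original post or of any SMTP or XMPP implementation. It assumes DIGEST-MD5 (RFC 2831) as the mechanism, which the thread does not name; `Session`, `on_sasl_success` and the sample responses are hypothetical.

```python
import re
from dataclasses import dataclass, field
from typing import Optional

# RFC 2831 qop values and the security layer each one installs.
QOP_LAYER = {"auth": None, "auth-int": "integrity", "auth-conf": "confidentiality"}
_DIRECTIVE = re.compile(
    r'\s*([A-Za-z-]+)=(?:"((?:[^"\\]|\\.)*)"|([^,"\s]+))\s*(?:,|$)')

def parse_directives(text: str) -> dict:
    """Split a DIGEST-MD5 directive list, honouring quoted strings."""
    out, pos = {}, 0
    while pos < len(text):
        m = _DIRECTIVE.match(text, pos)
        if not m:
            raise ValueError(f"malformed directive at offset {pos}")
        out[m.group(1).lower()] = m.group(2) if m.group(2) is not None else m.group(3)
        pos = m.end()
    return out

def negotiated_layer(digest_response: str) -> Optional[str]:
    """What the SASL layer reports to the application after success."""
    qop = parse_directives(digest_response).get("qop", "auth")  # default: auth
    if qop not in QOP_LAYER:
        raise ValueError(f"unknown qop {qop!r}")
    return QOP_LAYER[qop]

@dataclass
class Session:
    """Hypothetical per-connection application state (SMTP or XMPP)."""
    features: set = field(default_factory=set)  # learned before authentication
    layer: Optional[str] = None
    restarted: bool = False

def on_sasl_success(session: Session, digest_response: str) -> Session:
    session.layer = negotiated_layer(digest_response)
    if session.layer is not None:
        # Earlier traffic was outside the new layer: forget it and restart.
        session.features.clear()
        session.restarted = True
    return session  # no layer: keep the existing context, no extra signalling

# Constructed sample responses (not captured traffic).
PLAIN = 'username="juliet",realm="example.org",nc=00000001,qop=auth,response=d3adb33f'
SEALED = 'username="juliet",realm="example.org",nc=00000001,qop=auth-conf,response=d3adb33f'
```

Both peers see the same `qop` in the authenticated exchange, so each side reaches the same restart decision without an extra protocol element.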