[Standards-JIG] [Fwd: I-D ACTION:draft-saintandre-jabberid-01.txt]
Joe Hildebrand
hildjj at gmail.com
Thu Jul 20 08:43:35 CDT 2006
On Jul 20, 2006, at 7:07 AM, Dave Cridland wrote:
> On Thu Jul 20 13:42:29 2006, Hal Rottenberg wrote:
>> 5. Security Considerations
>> "A forged Jabber-ID header may break automated processing;
>> therefore the Jabber-ID header SHOULD NOT be depended upon to
>> indicate the authenticity of the message or the identity of the
>> sender."
>> Should you mention here that the JID could be validated
>> out-of-band using xmpp?
> Probably not - you can validate that the JID's domain exists, but
> I'm not sure you can do much more automatically anyway, can you?
> Even if you could validate that the user exists, I'm not convinced
> this gains you much.
We could specify an IQ to validate that a given message-ID comes from
a given user.