[Standards-JIG] stream restarts
Matthias Wimmer
m at tthias.eu
Thu Sep 14 18:22:31 CDT 2006
Peter Saint-Andre wrote:
> Well, I talked about this with someone smarter than me (Joe Hildebrand),
> who reminded me that we need the stream restarts in order to protect the
> stream headers from man in the middle attacks (rewriting of 'to' and
> 'from' addresses, etc.), at least (1) after TLS negotiation and (2)
> after SASL negotiation when SASL negotiation involves installation of a
> security layer. We don't need it after things like stream compression,
> though.
Yeah, Joe already pointed that out in a reply to my mail. I had to agree
with him as well.
Someone telling me that it would be because some libraries would have
problems otherwise was so astonishing to me that I did not think about
other valid reasons to restart the stream.
It also seems very common with other protocols that they do a complete
restart of their connection. (Well, for SASL they most of the time do it
only if a security layer has been established, but ...)
Matthias
--
Matthias Wimmer Fon +49-700 77 00 77 70
Züricher Str. 243 Fax +49-89 95 89 91 56
81476 München http://ma.tthias.eu/
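
The reasoning in the message above, modelled as an added example that is not part of the original post or of any XMPP implementation: a receiver that keeps the stream header it saw before TLS retains whatever was rewritten on the path, while one that restarts only trusts the header re-sent inside the security layer. All names (`needs_restart`, `Receiver`, `run`) and the sample addresses are hypothetical and constructed.

```python
from dataclasses import dataclass
from typing import Optional

def needs_restart(step: str, sasl_security_layer: bool = False) -> bool:
    """Restart rule as argued in the thread (not quoted from any spec)."""
    if step == "tls":
        return True                   # TLS always installs a security layer
    if step == "sasl":
        return sasl_security_layer    # only when SASL installs one
    if step == "compression":
        return False                  # no new protection, nothing to re-verify
    raise ValueError(f"unknown negotiation step: {step}")

@dataclass
class Header:
    to: str
    sender: str                       # the stream header's 'from' attribute

class Receiver:
    """Hypothetical receiving entity that remembers the last stream header."""
    def __init__(self, restart_enabled: bool):
        self.restart_enabled = restart_enabled
        self.header: Optional[Header] = None
        self.header_protected = False

    def on_header(self, header: Header, protected: bool) -> None:
        self.header, self.header_protected = header, protected

    def on_negotiated(self, step: str, sasl_security_layer: bool = False) -> None:
        if self.restart_enabled and needs_restart(step, sasl_security_layer):
            # Discard everything learned before the security layer existed.
            self.header, self.header_protected = None, False

def run(restart_enabled: bool) -> Receiver:
    sent = Header(to="example.com", sender="juliet@example.com")  # constructed
    seen = Header(to="example.net", sender=sent.sender)  # constructed: 'to' altered in transit
    rx = Receiver(restart_enabled)
    rx.on_header(seen, protected=False)   # cleartext header, before TLS
    rx.on_negotiated("tls")
    if rx.header is None:                 # restart: header is sent again inside TLS
        rx.on_header(sent, protected=True)
    return rx

if __name__ == "__main__":
    for enabled in (True, False):
        rx = run(enabled)
        print(enabled, rx.header.to, rx.header_protected)
```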