[Standards-JIG] stream restarts
Peter Saint-Andre
stpeter at jabber.org
Fri Sep 15 12:44:55 CDT 2006
Matthias Wimmer wrote:
> Peter Saint-Andre wrote:
>> Well, I talked about this with someone smarter than me (Joe Hildebrand),
>> who reminded me that we need the stream restarts in order to protect the
>> stream headers from man in the middle attacks (rewriting of 'to' and
>> 'from' addresses, etc.), at least (1) after TLS negotiation and (2)
>> after SASL negotiation when SASL negotiation involves installation of a
>> security layer. We don't need it after things like stream compression,
>> though.
>
> Yeah, Joe already pointed that out in a reply to my mail. I had to agree
> with him as well.
>
> Someone telling me that it would be because some libraries would
> otherwise have problems was so astonishing to me that I did not think
> about other valid reasons to restart the stream.
>
> It also seems very common for other protocols to do a complete
> restart of their connection. (Well, for SASL they most of the time do it
> only if a security layer has been established, but ...)
But I don't think we need it in JEP-0138.
Peter
--
Peter Saint-Andre
Jabber Software Foundation
http://www.jabber.org/people/stpeter.shtml
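
Added example (not part of the original message and not taken from any XMPP implementation): a receiver-side sketch of the rule discussed above, where a stream header seen before a security layer is in place is discarded on restart and only a header received afterwards is trusted. The class, function names and sample headers are hypothetical and constructed for illustration.

```python
import re

def restart_required(feature, security_layer=False):
    """Restart rule as stated in the message above."""
    if feature == "tls":
        return True
    if feature == "sasl":
        return security_layer      # only when a security layer is installed
    return False                   # e.g. "compression"

def parse_header(header):
    # Attributes of a <stream:stream ...> opening tag, as a dict.
    return dict(re.findall(r"([\w:]+)='([^']*)'", header))

class StreamSession:  # hypothetical receiver-side state
    def __init__(self):
        self.protected = self.header_protected = False
        self.header = None

    def receive_header(self, header):
        self.header = parse_header(header)
        # Remember whether this header arrived under a security layer.
        self.header_protected = self.protected

    def negotiated(self, feature, security_layer=False):
        """Record a negotiated feature; return True if a restart is needed."""
        if restart_required(feature, security_layer):
            self.protected = True
            # The old header was sent unprotected and may have been rewritten.
            self.header, self.header_protected = None, False
            return True
        return False

    def trusted_from(self):
        """'from' address, only if its header arrived under a security layer."""
        if self.header and self.header_protected:
            return self.header.get("from")
        return None

# Constructed sample headers (not captured traffic).
CLEARTEXT = "<stream:stream xmlns='jabber:client' from='rewritten.example' id='a1' version='1.0'>"
AFTER_TLS = "<stream:stream xmlns='jabber:client' from='example.com' id='b2' version='1.0'>"

def demo():
    s = StreamSession()
    s.receive_header(CLEARTEXT)
    before = s.trusted_from()            # header seen in cleartext: not trusted
    restarted = s.negotiated("tls")      # TLS done: old header is dropped
    s.receive_header(AFTER_TLS)
    return before, restarted, s.trusted_from(), s.negotiated("compression")
```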