[Standards] XEP-0115 redux
Peter Saint-Andre
stpeter at stpeter.im
Thu Jan 10 11:42:47 CST 2008
Justin Karneges wrote:
> On Thursday 10 January 2008 8:32 am, Peter Saint-Andre wrote:
>> The hashing algorithm matters because when you send me caps, I need to
>> verify the contents (i.e., the long string of identity+features that you
>> used as input to the hash function). The spec says:
>>
>> The requesting entity MUST check the identities and supported
>> features against the 'ver' value by calculating the hash as described
>> under Generation of the ver Attribute and making sure that the values
>> match.
>>
>> This helps me be sure that you're not poisoning the caps ecosystem. But
>> if you used SHA-384 to generate the hash and I don't support that
>> algorithm, then I can't verify the contents.
>>
>> Or so it seems to me. :)
>
> In the case where you don't understand the hash algorithm, would it be enough
> to simply cache the hash value on a per-jid basis and not bother verifying
> it? As I understand it, the only reason for the security discussion we're
> having is because one jid is allowed to speak for another. However, per-jid
> caching is naturally secure and should be quite effective if your client has
> a disk cache.
It's probably a good idea to have some text about what you do when you
receive a caps notification using a hash you don't understand, but
hopefully if we settle on a MTI algorithm that won't happen so often.
I'll do some wordsmithing on the text you provided, thanks.
Peter
--
Peter Saint-Andre
https://stpeter.im/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 7338 bytes
Desc: S/MIME Cryptographic Signature
Url : http://mail.jabber.org/pipermail/standards/attachments/20080110/200c872d/attachment.bin
More information about the Standards
mailing list