[Standards] [E2E] Why we need a <body> element

Dirk Meyer dmeyer at tzi.de
Tue Sep 30 08:22:11 CDT 2008


Jonathan Schleifer wrote:
> We had proposals for end-to-end encryption using TLS here. It was
> suggested to use a stream in a stream using Jingle inbound. These
> stream will be encapsulated in the stream using <message>s or <iq>s
> then. And I think we should go for <message>s, but also include a
> <body> that states that this is part of an encrypted session. 

There is no statement in the XEP that the stream in inband. The
clients can use SOCKS5 or a direct connection for the private
stream. I do not see were you want to put the body in that case.

> It was argued that the message may never get to the wrong resource
> when I mentioned that problem, but the example posted before states
> the opposite, that it indeed DOES happen in the real world.

If you use IQ stanzas for e2e streams they should never reach the
wrong resource. If they do, it is a bug in the server. And even if
they do, the receiver should rehect that IBB stanza (unknown sid) and
the sender knows that the e2e stream is broken.


Dirk

-- 
/* Nobody will ever see this message :-) */
panic("Cannot initialize video hardware\n");
	2.0.38 /usr/src/linux/arch/m68k/atari/atafb.c


More information about the Standards mailing list