On 6/20/13 8:00 AM, Jonas Wielicki wrote:
Hi Thomas,
On 20.06.2013 05:41, Thomas Nichols wrote:
I think we have two choices. (1) Tell VTN implementers/deployments
that they need to secure the XMPP server to prevent
VEN to VEN communication. Or (2) we require VENs to maintain a
whitelist of VTN JIDs, and drop or reject packets that are not
from an approved JID. Or maybe both.
In my humble opinion, (2) is the safest, because it does not rely
on a third party (the server) to protect the first party (the
VEN).
However, blocking the traffic at the server (as in (1)) has
benefits for the end user, as it is thus impossible to run a
denial-of-service attack on another end user with in-band messages,
which is probably desired.
I'm not sure whether there exist solutions for (1) in form of XEP
or code though.
Basically you'd want to use a highly modular codebase that includes a
module for the ability to send messages. Then just disable that
module. (However, I assume that you'd want the VENs to be able to send
messages to the VTN.)
Peter
--
Peter Saint-Andre
https://stpeter.im/
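One way a VEN could apply option (2) from the thread, as an added example that is not code from any of the posters or from an OpenADR implementation. The JIDs, the allowlist and the function names are hypothetical, and the check assumes the VEN's own server stamps the `from` attribute on delivered stanzas.

```python
import xml.etree.ElementTree as ET

# Constructed allowlist of VTN bare JIDs (hypothetical addresses).
ALLOWED_VTNS = frozenset({"vtn1@openadr.example", "vtn2@openadr.example"})


def bare_jid(jid):
    """Return lowercased localpart@domain, or None if the JID is unusable.

    Simplification (assumption): plain lower() stands in for the JID
    preparation rules of RFC 7622 that a real client library applies.
    """
    if not jid:
        return None
    bare = jid.split("/", 1)[0]            # drop the resource part first
    local, sep, domain = bare.partition("@")
    if not sep or not local or not domain or "@" in domain:
        return None                         # domain-only or malformed sender
    return f"{local.lower()}@{domain.lower()}"


def accept_stanza(stanza_xml, allowed=ALLOWED_VTNS):
    """True only if the stanza's 'from' is exactly an allowlisted bare JID."""
    try:
        stanza = ET.fromstring(stanza_xml)
    except ET.ParseError:
        return False                        # unparseable input is dropped
    sender = bare_jid(stanza.get("from"))
    # Exact set membership, never a substring or prefix match.
    return sender is not None and sender in allowed


# Constructed sample stanzas: one from a VTN, the rest from other senders.
SAMPLES = [
    "<message xmlns='jabber:client' from='VTN1@OpenADR.example/svc' to='ven7@openadr.example'/>",
    "<message xmlns='jabber:client' from='ven9@openadr.example/dev' to='ven7@openadr.example'/>",
    "<message xmlns='jabber:client' from='ven9@openadr.example/vtn1@openadr.example'/>",
    "<message xmlns='jabber:client' from='vtn1@openadr.example.other.example/x'/>",
    "<message xmlns='jabber:client' to='ven7@openadr.example'/>",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print("accept" if accept_stanza(s) else "drop  ", s)
```

Only the first sample is accepted; a VEN sender, a resource part that imitates a VTN address, a look-alike domain and a stanza with no `from` are all dropped.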