Hi Thomas,
On 20.06.2013 05:41, Thomas Nichols wrote:
> I think we have two choices. (1) Tell VTN implementers/deployments that
> they need to secure the XMPP server to prevent VEN to VEN communication.
> Or (2) we require VENs to maintain a whitelist of VTN JIDs, and drop or
> reject packets that are not from an approved JID. Or maybe both.
In my humble opinion, (2) is the safest, because it does not rely on a
third party (the server) to protect the first party (the VEN).
However, blocking the traffic at the server (as in (1)) has benefits for
the end user, as it is thus impossible to run a denial-of-service attack
on another end user with in-band messages, which is probably desired.
I'm not sure whether there exist solutions for (1) in the form of a XEP or
code though.
regards,
Jonas
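
Option (2) from the thread, sketched as an added example (not code from either poster or from any XMPP library): a VEN-side check that drops any stanza whose 'from' address is not an approved VTN. The JIDs, payload labels and the names bare_jid, VtnAllowlist and filter_stanzas are constructed for illustration; matching on the bare JID, ignoring the resource, is an assumption.

```python
def bare_jid(jid):
    """Normalize a JID to lowercase 'local@domain' (or 'domain'); None if malformed."""
    if not jid or not isinstance(jid, str):
        return None
    # The resource is everything after the first '/'; it may itself contain '/' or '@'.
    bare = jid.split("/", 1)[0]
    if bare.count("@") > 1:
        return None
    local, sep, domain = bare.rpartition("@")
    if not domain or (sep and not local):
        return None
    # Simplification: RFC 7622 defines the full comparison rules (PRECIS);
    # casefold() is only adequate for ASCII JIDs.
    return (local + sep + domain).casefold()


class VtnAllowlist:
    def __init__(self, approved_jids):
        self._approved = set()
        for jid in approved_jids:
            norm = bare_jid(jid)
            if norm is None:
                raise ValueError("malformed JID in allowlist: %r" % (jid,))
            self._approved.add(norm)

    def permits(self, from_attr):
        """True only if the sender's bare JID equals an approved VTN JID."""
        sender = bare_jid(from_attr)
        # Exact set membership, no prefix/suffix matching; a missing or
        # malformed 'from' is dropped rather than passed through.
        return sender is not None and sender in self._approved


def filter_stanzas(allowlist, stanzas):
    """Split (from, payload) pairs into (accepted, dropped)."""
    accepted, dropped = [], []
    for from_attr, payload in stanzas:
        (accepted if allowlist.permits(from_attr) else dropped).append((from_attr, payload))
    return accepted, dropped


# Constructed sample: 'from' values as an XMPP library would hand them to the VEN.
ALLOWLIST = VtnAllowlist(["vtn@oadr.example.com"])
SAMPLE = [
    ("vtn@oadr.example.com/primary", "event-1"),            # approved VTN
    ("VTN@OADR.example.com/backup", "event-2"),             # same VTN, other case/resource
    ("ven42@oadr.example.com/meter", "event-3"),            # another VEN on the same server
    ("vtn@oadr.example.com.other.example/x", "event-4"),    # lookalike domain
    ("vtn@oadr.example.com@other.example", "event-5"),      # malformed
    (None, "event-6"),                                      # no 'from' at all
]
```

The check is only as strong as the 'from' value it is given, which the sender's server sets or validates (RFC 6120) before the stanza is delivered.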