[Council] new JEP -- position paper needed!
mikelin at MIT.EDU
Tue Apr 2 19:36:09 CST 2002
Hi Joe, thanks a lot for the reply, it cleared a lot of things up.
> The whole point of this protocol is anti-security, frankly. We are
> actively defeating the will of the firewall administrator. Anyone who
> cares about security will just use 5222/tcp, or 5223/tcp (ssl).
I guess I follow this argument, but I think by adding the
password/session-id/seqnum token to each request we can make the
protocol on par with that of connecting to 5222/tcp for an acceptable
computational cost, which is a pretty good deal since we get around the
firewall without trading our own security moreso than we would normally.
It just seems to me like we should at least give it a shot.
I take all your other points and I have nothing more to add at this
time. Thanks again!
More information about the Council