[Council] XEP-0185 feedback

Peter Saint-Andre stpeter at jabber.org
Thu Feb 1 10:51:53 CST 2007


Ian Paterson wrote:
> Hi,
> 
> Overall I'm +1 on XEP-0185.
> 
> Should there be spaces between the concatenated strings in the example 
> in Section 4?

Yes I will clean up those examples.

> Why is SHA1 being used in Section 4 instead of HMAC-SHA256?

Laziness.

> Perhaps I've not understood, but I don't find section 4.1 very 
> convincing. Am I supposed to? I guess it doesn't matter, including the 
> Originating Server can't hurt, and with security it's always better to 
> be conservative.

All of Section 4 is purely informational. That said, I think 4.1 could 
be improved to describe why it might not be good for the originating 
server to reveal that it uses the same secret for two virtual domains.

Peter

-- 
Peter Saint-Andre
XMPP Standards Foundation
http://www.xmpp.org/xsf/people/stpeter.shtml

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 7358 bytes
Desc: S/MIME Cryptographic Signature
Url : http://mail.jabber.org/pipermail/council/attachments/20070201/8db22929/smime-0001.bin


More information about the Council mailing list