[Council] XEP-0185 feedback
Peter Saint-Andre
stpeter at jabber.org
Thu Feb 1 10:51:53 CST 2007
Ian Paterson wrote:
> Hi,
>
> Overall I'm +1 on XEP-0185.
>
> Should there be spaces between the concatenated strings in the example
> in Section 4?
Yes I will clean up those examples.
> Why is SHA1 being used in Section 4 instead of HMAC-SHA256?
Laziness.
> Perhaps I've not understood, but I don't find section 4.1 very
> convincing. Am I supposed to? I guess it doesn't matter, including the
> Originating Server can't hurt, and with security it's always better to
> be conservative.
All of Section 4 is purely informational. That said, I think 4.1 could
be improved to describe why it might not be good for the originating
server to reveal that it uses the same secret for two virtual domains.
Peter
--
Peter Saint-Andre
XMPP Standards Foundation
http://www.xmpp.org/xsf/people/stpeter.shtml
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 7358 bytes
Desc: S/MIME Cryptographic Signature
Url : http://mail.jabber.org/pipermail/council/attachments/20070201/8db22929/smime-0001.bin
More information about the Council
mailing list