[Council] XEP-0185 feedback

Peter Saint-Andre stpeter at jabber.org
Thu Feb 1 12:03:09 CST 2007


Peter Saint-Andre wrote:
> Ian Paterson wrote:
>> Hi,
>>
>> Overall I'm +1 on XEP-0185.
>>
>> Should there be spaces between the concatenated strings in the example 
>> in Section 4?
> 
> Yes I will clean up those examples.
> 
>> Why is SHA1 being used in Section 4 instead of HMAC-SHA256?
> 
> Laziness.

Laziness on my part, let me add.

>> Perhaps I've not understood, but I don't find section 4.1 very 
>> convincing. Am I supposed to? I guess it doesn't matter, including the 
>> Originating Server can't hurt, and with security it's always better to 
>> be conservative.
> 
> All of Section 4 is purely informational. That said, I think 4.1 could 
> be improved to describe why it might not be good for the originating 
> server to reveal that it uses the same secret for two virtual domains.

I chatted with Philipp Hancke (the spec author) and we think it's 
probably best to simply remove Section 4 of XEP-0185. Objections?

Peter

-- 
Peter Saint-Andre
XMPP Standards Foundation
http://www.xmpp.org/xsf/people/stpeter.shtml

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 7358 bytes
Desc: S/MIME Cryptographic Signature
Url : http://mail.jabber.org/pipermail/council/attachments/20070201/62e8b659/smime.bin


More information about the Council mailing list