[IOT] OpenADR comment period

Jonas Wielicki j.wielicki at sotecware.net
Thu Jun 20 14:00:02 UTC 2013


Hi Thomas,

On 20.06.2013 05:41, Thomas Nichols wrote:
> I think we have two choices.  (1) Tell VTN implementers/ deployments that
> they need to secure the XMPP server to prevent VEN to VEN communication.
> Or (2) we require VENs to maintain a whitelist of VTN JIDs, and drop or
> reject packets that are not from an approved JID.  Or maybe both.

In my humble opinion, (2) is the safest, because it does not rely on a
third party (the server) to protect the first party (the VEN).

However, blocking the traffic at the server (as in (1)) has benefits for
the end user, as it is thus impossible to run a denial-of-service attack
on another end user with in-band messages, which is probably desired.

I'm not sure whether there exist solutions for (1) in form of XEP or
code though.

regards,
Jonas

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: OpenPGP digital signature
URL: <http://mail.jabber.org/pipermail/iot/attachments/20130620/917cbe5b/attachment.pgp>


More information about the IOT mailing list