[jdev] XMPP "APIs"

Kim Alvefur zash at zash.se
Fri Jan 25 16:36:07 UTC 2013


On 2013-01-13 09:47, Justin Karneges wrote:
> Good point. I think this problem can be mostly solved with TLS and s2s. My 
> plan, which I have not yet implemented, is to allow setting a "TLS required" 
> flag on any whitelisted JID. The XMPP server itself would not enforce TLS, and 
> instead negotiate it opportunistically, but I'd need to hack it to tell my 
> server app whether an incoming stanza arrived from a TLS-protected stream or 
> not, so that my server app could make the choice of whether to accept or 
> reject.

It would be interesting to have some method of knowing if a stanza was
received over a secure connection (by the previous node, ie your
server), as well as a method of saying "only deliver this stanza over a
secure connection".  The later can be accomplished by Security
Labels[XEP-0258] and policy enforcement by the server(s), but might be a
bit overkill for simpler deployments.

[XEP-0258]: http://xmpp.org/extensions/xep-0258.html

Kim "Zash" Alvefur

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 899 bytes
Desc: OpenPGP digital signature
URL: <http://mail.jabber.org/pipermail/jdev/attachments/20130125/57cd1abb/attachment.pgp>

More information about the JDev mailing list