[Foundation] Let's propose JEP-0046 (DTCP)

Casey Crabb crabbkw at nafai.dyndns.org
Wed Dec 4 12:43:05 CST 2002


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -1 For now.
It needs the socket hijacking security concern fixed.

Currently someone who is able to listen to (but not alter) the jabber
server connection can act as the listener for a dtcp connection and
successfully establish the dtcp connection.

Some key should be sent over the dtcp connection which has to be echoed
on the jabber connection so that you are sure either
1) this is the correct person    or
2) Someone has the capability of altering data in the jabber stream (in
which case you can not trust anything).

When this is fixed I'll +1 for last call.


- --
Casey
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.0 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQE97ky4UidG/HUEju8RAv5HAKCZNpf4E5USuvqaM9rlGUjXQGJ2CQCfXtP8
cUsely2gQzC9AP+T4rir/RU=
=LFkR
-----END PGP SIGNATURE-----




More information about the Members mailing list