[Foundation] Let's propose JEP-0046 (DTCP)
crabbkw at nafai.dyndns.org
Wed Dec 4 12:43:05 CST 2002
-----BEGIN PGP SIGNED MESSAGE-----
- -1 For now.
It needs the socket hijacking security concern fixed.
Currently someone who is able to listen to (but not alter) the jabber
server connection can act as the listener for a dtcp connection and
successfully establish the dtcp connection.
Some key should be sent over the dtcp connection which has to be echoed
on the jabber connection so that you are sure either
1) this is the correct person or
2) Someone has the capability of altering data in the jabber stream (in
which case you can not trust anything).
When this is fixed I'll +1 for last call.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.0 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----
More information about the Members