[Security] TLS Certificates Verification

Jonathan Schleifer js-xmpp-security at webkeks.org
Tue Aug 19 16:12:51 CDT 2008


Dirk Meyer <dmeyer at tzi.de> wrote:

> You open a stream from client to client. It could be based on In-band
> bytestreams. Normally used for file transfer and stuff like that we
> use it to open a new stream. So you have one stream to the server and
> one stream (maybe tunneled through the server) to the other
> client. You can open as many streams to other clients as you want.

So you encode that XML stream in base64 and transfer it inbound? Ah,
ok. That explains how you can have more than one of them. But this
looks VERY hacky to me. Base64 encoded XML in XML.

-- 
Jonathan
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: not available
Url : http://mail.jabber.org/pipermail/security/attachments/20080819/6b1c8f57/attachment-0001.pgp 


More information about the Security mailing list