[Security] TLS Certificates Verification

Jonathan Schleifer js-xmpp-security at webkeks.org
Wed Aug 20 11:20:08 CDT 2008


Jonathan Dickinson <jonathanD at k2.com> wrote:

> You are pretty much describing IBB. Having an actual message is a
> moot point. The users would have set up ESessions or IBB which means
> they both support it. If they don't both support it, the whole
> process will break long before they get to use IBB or ESessions.

This pretty much shows you never used such a technology in real world.
We actually *HAD* the case that messages got to the wrong resource due
to one resource going offline etc. and otherwise you would never notice
something got lost!

> Having it in a message stanza makes no sense.

As I stated above, it absolutely does.

-- 
Jonathan
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: not available
Url : http://mail.jabber.org/pipermail/security/attachments/20080820/6a19bee1/attachment.pgp 


More information about the Security mailing list