[Security] Reminder :: Draft feedback on "C2C authentication using TLS"

Pavel Simerda pavlix at pavlix.net
Sun Aug 24 16:43:26 CDT 2008

On Sun, 24 Aug 2008 20:59:22 +0200
Dirk Meyer <dmeyer at tzi.de> wrote:

> Johansson Olle E wrote:
> > Could this functionality benefit from some sort of Disco support to
> > check what the other side supports, before setting up the
> > connection?


> You could put the stuff I added as <offer> to the disco stuff. But it
> must also work serverless. And when I work link-local I can not use
> disco#query before connecting.

I don't know much about link-local messaging but if it uses DNS (which
it does), it can use it for discovery. (I don't say it's good or bad.)

For classic XMPP, it is advisable to add service discovery features for
the protocols to be used in a way or other.

I also have my own comments to the XEP:

As a "first draft" it looks good.

But then I would expect a real-world usecase with XML examples for
better understanding.

And it would be good to resolve the "SRP vs. SAS vs. whatever else"
issue or leave this possibility out of the spec before it's resolved
(so we aren't pushed by the developers to keep what we put there

A short paragraph about other possibilities to be included would do.

Furthermore, it's important to hear from Peter Saint-Andre and maybe
others about the disco features and other interoperability issues.

Another person that should IMO be heard is Dave Cridland.


> Dirk


Web: http://www.pavlix.net/
Jabber & Mail: pavlix(at)pavlix.net
OpenID: pavlix.net

More information about the Security mailing list