[Security] Reminder :: Draft feedback on "C2C authentication using TLS"

Pedro Melo melo at simplicidade.org
Mon Aug 25 05:17:52 CDT 2008


On Aug 25, 2008, at 11:15 AM, Jonathan Schleifer wrote:

> Am 25.08.2008 um 12:02 schrieb Pedro Melo:
>
>> Why not use:
>>
>> <feature var='urn:xmpp:tmp:tlsauth' />
>> <feature var='urn:xmpp:tmp:tlsauth:x509cert' />
>> <feature var='urn:xmpp:tmp:tlsauth:pgpcert' />
>> <feature var='urn:xmpp:tmp:tlsauth:srp' />
>
>
> That's exactly what I proposed, but I won't call it tlsauth, because  
> what should urn:xmpp:tmp:tlsauth be then? c2ctls would be better IMO.

Sure.

My point was not about the namespace (I just copied and pasted from  
the previous example) but making sure that we don't start placing per- 
user information on disco#info replies, something that will break Caps  
caching.

Best regards,
-- 
Pedro Melo
Blog: http://www.simplicidade.org/notes/
XMPP ID: melo at simplicidade.org
Use XMPP!




More information about the Security mailing list