[Security] Perspectives: Improving SSH-style Host Authentication with Multi-Path Probing

Dave Cridland dave at cridland.net
Tue Sep 2 02:50:50 CDT 2008


On Mon Sep  1 23:13:08 2008, Pavel Simerda wrote:
> On Sun, 31 Aug 2008 20:47:47 +0200
> Dirk Meyer <dmeyer at tzi.de> wrote:
> 
> > Peter Saint-Andre wrote:
> > > Dirk Meyer wrote:
> > >> Peter wants to give XEP-0189 more love, I guess this is something
> > >> that should be in it. Also the user/client keys. When he is back I
> > >> can work with him to add all that stuff.
> > >
> > > Sure, let's do that. Or feel free to pull the XML out of SVN and
> > > start working on it. :)
> >
> > I just looked at it and PEP and some other XEPs and there are some
> > things I do not like. Maybe these XEPs need a small update for this
> > use-case.
> >
> > 1. PEP says the last_item should only be sent if the priority is not
> >    negative. But all bots have a negative priority and will never get
> >    the updates. Maybe an extra config option for PubSub/PEP: also send
> >    to negative priority?
> 
> http://www.xmpp.org/extensions/xep-0060.html#filtered-notifications
> 
> No priority in PubSub.
> 
> In PEP:
> 
> "If a subscriber subscribed using a bare JID <localpart at domain.tld> and
> a PEP service has appropriate presence information about the
> subscriber, the PEP service MUST send one notification to the full JID
> (<localpart at domain.tld/resource> or <domain.tld/resource>) of each of
> the subscriber's available resources that have specified non-negative
> presence priority and included XEP-0115 information that indicates an
> interest in the data format."
> 
> I believe that if some resource indicates an interest, it should get
> what it wants.
> 
> +1 for a change in the XEP
> 
> > 2. I like the fact that I get a notification when I start my client
> >    when there is a new item (if it is configured that way). But I also
> >    want to be notified when something was deleted (certificate
> >    revoked). What I would like to have is that I get a notification
> >    from the server that "something has changed since I was last
> >    online" so I can get the whole tree of certificates.
> 
> You should not need to watch deleted items. Certificates are revoked,
> not deleted; revocation could be just as easily announced as a new item.
> 
> > Maybe move that discussion to the pubsub list? /me needs to subscribe
> > to that list, too :)
> 
> Maybe, I'm not sure.

I'm sure. Copied. :-)

I (or someone) will report back with whatever it was that ended up  
being decided; in the meantime, assume that from a protocol  
perspective, we'll find a solution.

Dave.
-- 
Dave Cridland - mailto:dave at cridland.net - xmpp:dwd at dave.cridland.net
  - acap://acap.dave.cridland.net/byowner/user/dwd/bookmarks/
  - http://dave.cridland.net/
Infotrope Polymer - ACAP, IMAP, ESMTP, and Lemonade

