[standards-jig] JEP-0025 "Jabber HTTP Polling": security

M.Kiesel maqi at exmail.de
Mon Apr 29 23:08:29 UTC 2002

On Mon, 29 Apr 2002, Thomas Parslow (PatRat) wrote:

> I'm not at all experienced with security stuff so there's probably
> something I'm missing but how about sending a hash of a randomly
> generated key with each request along with the key from the previous
> request (not hashed)?

That is a special case of the suggested protocol (don't hash 100 times but
only one time). It's a bit easier to implement but needs more bandwidth
which may be critical with a protocol that polls ~ once a second.

BTW that's a reason to leave the cookie away also and perhaps use base64
encoding for the hash (not hex encoding) which again saves some bytes.


More information about the Standards mailing list