[Standards-JIG] Re: The Great Encryption Debate

Ian Paterson ian.paterson at clientside.co.uk
Tue Aug 9 11:55:53 UTC 2005


> > RFC 3920 specifies that during TLS and SASL negotiation,
> > an entity MUST NOT send any white space characters as 
> > separators between elements. JEP-0116 has similar motivations.

> > Can we be confident that all intermediaries (including non-XMPP
> > networks) will faithfully pass on white-space between elements?

> How do current XMPP servers handle this?
> 
> If they can convert the text stream into an internal format 
> then back out again without breaking the formatting of the 
> message, there are surely already conventions on how to 
> reconstruct the XML into a form that's usable for signing?

As with TLS and SASL negotiation, JEP-0116 is just being careful when it
specifies inter-element space removal. Esessions *should* work without
the removal. But, if one server or client or gateway or non-XMPP network
fails with just one byte then the Esession fails as if there is an
attack.

- Ian




More information about the Standards mailing list