[Standards-JIG] [Fwd: I-D ACTION:draft-saintandre-jabberid-01.txt]

Joe Hildebrand hildjj at gmail.com
Thu Jul 20 13:43:35 UTC 2006


On Jul 20, 2006, at 7:07 AM, Dave Cridland wrote:

> On Thu Jul 20 13:42:29 2006, Hal Rottenberg wrote:
>> 5.  Security Considerations
>>  "A forged Jabber-ID
>>   header may break automated processing; therefore the Jabber-ID header
>>   SHOULD NOT be depended upon to indicate the authenticity of the
>>   message or the identity of the sender."
>> Should you mention here that the JID could be validated out-of-band
>> using xmpp?
> Probably not - you can validate that the JID's domain exists, but  
> I'm not sure you can do much more automatically anyway, can you?  
> Even if you could validate that the user exists, I'm not convinced  
> this gains you much.

We could specify an IQ to validate that a given message-ID comes from  
a given user.


