[Standards-JIG] [Fwd: I-D ACTION:draft-saintandre-jabberid-01.txt]
dave at cridland.net
Thu Jul 20 13:55:13 UTC 2006
On Thu Jul 20 14:43:35 2006, Joe Hildebrand wrote:
> On Jul 20, 2006, at 7:07 AM, Dave Cridland wrote:
>> On Thu Jul 20 13:42:29 2006, Hal Rottenberg wrote:
>>> 5. Security Considerations
>>> "A forged Jabber-ID
>>> header may break automated processing; therefore the Jabber-ID
>>> SHOULD NOT be depended upon to indicate the authenticity of the
>>> message or the identity of the sender."
>>> Should you mention here that the JID could be validated
>>> out-of-band using xmpp?
>> Probably not - you can validate that the JID's domain exists, but
>> I'm not sure you can do much more automatically anyway, can you?
>> Even if you could validate that the user exists, I'm not convinced
>> this gains you much.
> We could specify an IQ to validate that a given message-ID comes
> from a given user.
... in another specification.
Dave Cridland - mailto:dave at cridland.net - xmpp:dwd at jabber.org
Infotrope Polymer - ACAP, IMAP, ESMTP, and Lemonade