[Standards-JIG] JEP-0070: Transaction ID in Digest method

Maciek Niedzielski machekku at uaznia.net
Tue May 30 11:44:19 UTC 2006


Maciek Niedzielski wrote:
> Let's say I want to use JEP-70 with the digest method.
> My web browser sends a hash (e.g. MD5) of my JID + transaction ID +
> something else. A bit later, as the JEP says:
> "HTTP Server MUST pass the URL, method, JID, and transaction identifier
> to the XMPP Server for confirmation"
> How exactly may the server know the transaction identifier, if it was
> transformed by a unidirectional hash function?
> I think that this ID could be passed via cnonce, since it really matches
> the original semantics of this argument.

Or maybe a more secure solution would be: ask the XMPP Client to provide the
same transaction ID and then compare the hashes. But this could be a
problem when one user has multiple HTTP sessions at the same time.

--
Maciek                       A: It's against natural order of reading.
 xmpp:machekku at uaznia.net   Q: Why is that?
 xmpp:machekku at chrome.pl   A: People answering above quoted text.
                          Q: What's the most annoying on newsgroups?
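
An added illustration of the second idea in the message above (not part of the original post and not code from JEP-0070): the HTTP server keeps each pending Digest request, gets the transaction ID back from the XMPP client, recomputes the RFC 2617 response, and uses the match to tell concurrent sessions of one JID apart. The mapping username = JID and password = transaction ID, the realm, the nonces and the IDs are constructed assumptions.

```python
import hashlib
import hmac

def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()

def digest_response(jid, realm, txid, method, uri, nonce, nc, cnonce, qop="auth"):
    # RFC 2617 qop=auth response.
    # Assumption: username = JID, password = transaction ID.
    ha1 = md5_hex(f"{jid}:{realm}:{txid}")
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")

def make_request(jid, txid, nonce, cnonce, method="GET", uri="/private"):
    # What the HTTP server sees: Authorization fields, never the txid itself.
    req = {"username": jid, "realm": "example", "method": method, "uri": uri,
           "nonce": nonce, "nc": "00000001", "cnonce": cnonce}
    req["response"] = digest_response(jid, req["realm"], txid, method, uri,
                                      nonce, req["nc"], cnonce)
    return req

def matches(req, txid):
    # Recompute the digest with the txid supplied by the XMPP client.
    expected = digest_response(req["username"], req["realm"], txid,
                               req["method"], req["uri"], req["nonce"],
                               req["nc"], req["cnonce"])
    return hmac.compare_digest(expected, req["response"])

def sessions_for_txid(pending, jid, txid):
    # Several HTTP sessions may be open for one JID; only the session whose
    # stored digest matches the confirmed txid is authorised.
    return [sid for sid, req in pending.items()
            if req["username"] == jid and matches(req, txid)]

# Constructed sample data: one user, two simultaneous HTTP sessions.
JID = "user@example.org"
PENDING = {
    "sess-A": make_request(JID, "txid-A-constructed", "nonceA", "cnonceA"),
    "sess-B": make_request(JID, "txid-B-constructed", "nonceB", "cnonceB"),
}

if __name__ == "__main__":
    print(sessions_for_txid(PENDING, JID, "txid-B-constructed"))
```

Because each session has its own server nonce, the recomputed digest matches at most the session the ID was generated for, which is one way to handle the multiple-session case.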

