[Standards-JIG] stream restarts

Matthias Wimmer m at tthias.eu
Thu Sep 14 23:22:31 UTC 2006


Peter Saint-Andre wrote:
> Well, I talked about this with someone smarter than me (Joe Hildebrand),
> who reminded me that we need the stream restarts in order to protect the
> stream headers from man in the middle attacks (rewriting of 'to' and
> 'from' addresses, etc.), at least (1) after TLS negotiation and (2)
> after SASL negotiation when SASL negotiation involves installation of a
> security layer. We don't need it after things like stream compression,
> though.

Yeah, Joe already pointed that out in a reply to my mail. I had to agree 
with him as well.

Someone telling me that it was because some libraries would have 
problems otherwise was so astonishing to me that I did not think about 
other valid reasons to restart the stream.

It also seems very common for other protocols to do a complete 
restart of their connection. (Well, for SASL they mostly do it 
only if a security layer has been established, but ...)


Matthias


-- 
Matthias Wimmer      Fon +49-700 77 00 77 70
Züricher Str. 243    Fax +49-89 95 89 91 56
81476 München        http://ma.tthias.eu/
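
Added example, not part of the original message or of any XMPP implementation: a Python model of the rule in the quoted text, where stream header values read before TLS or a SASL security layer are discarded and only a header received after the restart is trusted. The class, method and layer names and the sample addresses are hypothetical.

```python
from dataclasses import dataclass, field

# Layers after which the quoted message says a restart is needed.
# The labels are hypothetical; "compression" is deliberately absent.
RESTART_AFTER = {"tls", "sasl-security-layer"}

@dataclass
class Stream:
    header: dict = field(default_factory=dict)  # last stream header received
    layers: list = field(default_factory=list)  # layers negotiated so far
    header_protected: bool = False
    awaiting_restart: bool = False

    def receive_header(self, attrs):
        """A header received after a restart replaces the earlier one."""
        self.header = dict(attrs)
        self.awaiting_restart = False
        # Remember whether this header arrived under a security layer.
        self.header_protected = any(l in RESTART_AFTER for l in self.layers)

    def layer_negotiated(self, layer):
        self.layers.append(layer)
        if layer in RESTART_AFTER:
            # What was read before the layer could have been rewritten
            # in transit, so forget it and wait for a fresh header.
            self.header, self.header_protected = {}, False
            self.awaiting_restart = True

    def trusted_peer(self):
        """Return the peer's 'from' only if it arrived under a security layer."""
        if self.awaiting_restart or not self.header_protected:
            return None
        return self.header.get("from")

def demo():
    s = Stream()
    # Constructed sample: cleartext header whose 'from' was rewritten in transit.
    s.receive_header({"from": "attacker.example", "to": "client.example"})
    before_tls = s.trusted_peer()        # sent in the clear, not trusted
    s.layer_negotiated("tls")
    pending = s.trusted_peer()           # restart not done yet
    s.receive_header({"from": "chat.example", "to": "client.example"})
    after_restart = s.trusted_peer()     # header seen under TLS
    s.layer_negotiated("compression")    # no restart, header stays valid
    return before_tls, pending, after_restart, s.awaiting_restart

if __name__ == "__main__":
    print(demo())
```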