[Standards-JIG] stream restarts

Peter Saint-Andre stpeter at jabber.org
Fri Sep 15 17:44:55 UTC 2006


Matthias Wimmer wrote:
> Peter Saint-Andre wrote:
>> Well, I talked about this with someone smarter than me (Joe Hildebrand),
>> who reminded me that we need the stream restarts in order to protect the
>> stream headers from man in the middle attacks (rewriting of 'to' and
>> 'from' addresses, etc.), at least (1) after TLS negotiation and (2)
>> after SASL negotiation when SASL negotiation involves installation of a
>> security layer. We don't need it after things like stream compression,
>> though.
> 
> Yeah, Joe already pointed that out in a reply to my mail. I had to agree
> with him as well.
> 
> Someone telling me that it would be because some libraries would
> otherwise have problems was so astonishing to me that I did not think
> about other valid reasons to restart the stream.
> 
> It also seems very common with other protocols that they do a complete
> restart of their connection. (Well, for SASL they most of the time do it
> only if a security layer has been established, but ...)

But I don't think we need it in JEP-0138.

Peter

-- 
Peter Saint-Andre
Jabber Software Foundation
http://www.jabber.org/people/stpeter.shtml
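
The restart rule discussed in this thread, as an added example that is not part of the original message or of any XMPP library: a client drops the stream header it saw before a security layer existed and checks the first header received inside the layer. `ClientStream`, `restart_required`, `sample_header`, the step names and the check of 'from' against the intended domain are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

STREAMS_NS = "http://etherx.jabber.org/streams"

def restart_required(step, security_layer=False):
    """Rule from the thread: TLS yes, SASL only with a security layer, compression no."""
    return step == "tls" or (step == "sasl" and security_layer)

def parse_header(raw):
    """Return the to/from/id attributes of a <stream:stream> opening tag."""
    root = ET.fromstring(raw + "</stream:stream>")  # close the open tag so it parses
    if root.tag != "{%s}stream" % STREAMS_NS:
        raise ValueError("not a stream header")
    return {k: root.get(k) for k in ("to", "from", "id")}

def sample_header(sender):
    """Constructed sample header; the id value is made up."""
    return ("<stream:stream xmlns='jabber:client' xmlns:stream='%s' "
            "from='%s' id='c2s-1' version='1.0'>" % (STREAMS_NS, sender))

class ClientStream:
    """Hypothetical client-side bookkeeping for stream headers."""

    def __init__(self, domain):
        self.domain = domain           # server the user asked to reach
        self.header = None             # last header received from the peer
        self.protected = False         # header was received inside a security layer
        self.awaiting_restart = False

    def on_header(self, raw):
        hdr = parse_header(raw)
        if self.awaiting_restart:
            # First header inside the new layer: it must name our server.
            if hdr["from"] != self.domain:
                raise ValueError("'from' mismatch after stream restart")
            self.protected = True
            self.awaiting_restart = False
        self.header = hdr              # before any layer this stays untrusted

    def on_negotiated(self, step, security_layer=False):
        if restart_required(step, security_layer):
            # Anything learned before the layer existed may have been rewritten.
            self.header = None
            self.protected = False
            self.awaiting_restart = True
```
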
