[Standards] Any protocol to request encrypted connections?

Joe Hildebrand hildjj at gmail.com
Mon Feb 5 14:31:50 UTC 2007


Maybe there should be one "must-understand" extension, that then has  
elements inside that point to specific things that each hop must do.
- Encryption
- Authentication
- Authorization
- AMP
- QoS
- etc.

Of course, unless we design carefully, that protocol probably starts  
to look like XEP-76. :)

On Feb 4, 2007, at 6:28 PM, Matthias Wimmer wrote:

> Do we have any XEP that allows a client to request that a message
> is only allowed to be forwarded by a server using encrypted
> connections where the destination of the message has been
> authenticated?
>
> In general: I think we should start thinking about better identity
> verification of the destination of an XMPP link. On s2s connections
> using dialback we currently have NO verification that the
> destination is the server we expect it to be. An attacker who is
> able to reroute a connection to his own server (either by modifying
> the DNS entries of the destination server or by hijacking the
> connection at the IP layer) will get the stanzas that are
> addressed to the attacked entity.
> With the currently deployed Jabber network, I think we are doing a
> better job in verifying that the source of a message cannot be
> forged than verifying that the message is delivered to the right
> recipient.
>
>
>
> Matthias



