[Standards] Any protocol to request encrypted connections?

Peter Saint-Andre stpeter at jabber.org
Mon Feb 5 17:30:59 UTC 2007


Matthias Wimmer wrote:
> Do we have any XEP that allows a client to request that a message is
> only allowed to be forwarded by a server using encrypted connections
> where the destination of the message has been authenticated?

We don't have anything like that yet.

> In general: I think we should start thinking about better identity
> verification of the destination of an XMPP link. On s2s connections using
> dialback we currently have NO verification that the destination is the
> server we expect it to be.  An attacker that is able to reroute a
> connection to his own server (either by modifying the DNS entries of the
> destination server or by hijacking the connection at the IP layer) will
> get the stanzas that are addressed to the attacked entity.

Does TLS + SASL address your concern?

> With the currently deployed Jabber network, I think we are doing a
> better job in verifying that the source of a message cannot be forged
> than verifying that the message is delivered to the right recipient.

Well, and even when we verify the identity of the destination server, we 
don't verify that the destination server is properly routing the stanza 
to the intended recipient. But I'd think that encrypted sessions would 
help here.

Peter

-- 
Peter Saint-Andre
XMPP Standards Foundation
http://www.xmpp.org/xsf/people/stpeter.shtml
