[Standards] XEP 0124 section 9?
ian.paterson at clientside.co.uk
Wed Feb 14 02:36:50 UTC 2007
I'm coming to the end of a major revamp of XEP-0124. It really needed
it. Hopefully it will be released tomorrow. I'll try to clarify the
points you made in the new version.
> I'd like to understand the recommendation against TLS negotiation
> between the server and the client. Doesn't having two TLS
> connections (server to connection manager and connection manager to
> client) make the connection manager a tempting injection point for
> MITM attacks, since the connection manager must decrypt and re-encrypt
> data? While using multiple encryption methods can sometimes lead to
> unpredictable results, using TLS twice should be safe in this context.
> TLS session negotiation, while nowhere near as secure as an 'Esession'
> and not providing protection within the server, is at least
Your concerns are valid. However, constrained clients typically can't do
TLS, and most XMPP servers have native XEP-0124 support now (i.e. the
connection manager is part of the server).
What do you have in mind? Base64 encode the binary TLS stream and wrap
it inside children of XEP-0124's <body/> elements?
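To make the wrapping in that last question concrete, here is an added example (not code from the thread or from XEP-0124): an opaque byte stream is split into base64 chunks, one per BOSH <body/> request, and reassembled on the far side. The <body/> element, its httpbind namespace and the sid/rid attributes are real XEP-0124 parts; the <tls/> child and its namespace are assumed placeholders, since the spec defines no such element. The connection manager only ever handles base64 text, so it cannot read or alter the tunneled bytes without detection by the endpoints' own TLS layer.

```python
import base64
import xml.etree.ElementTree as ET

BOSH_NS = "http://jabber.org/protocol/httpbind"   # real XEP-0124 namespace
TUNNEL_NS = "urn:example:tls-tunnel"              # assumed placeholder, not in the spec


def wrap_stream(raw_bytes, sid, first_rid, chunk_size=48):
    """Split an opaque byte stream into BOSH <body/> requests, one base64
    chunk each, numbered with consecutive rid values."""
    bodies = []
    for i, offset in enumerate(range(0, len(raw_bytes), chunk_size)):
        body = ET.Element("body", {"xmlns": BOSH_NS, "sid": sid, "rid": str(first_rid + i)})
        chunk = ET.SubElement(body, "tls", {"xmlns": TUNNEL_NS})
        chunk.text = base64.b64encode(raw_bytes[offset:offset + chunk_size]).decode("ascii")
        bodies.append(ET.tostring(body, encoding="unicode"))
    return bodies


def unwrap_stream(bodies):
    """Reassemble the byte stream on the receiving side. HTTP requests may
    arrive out of order, so chunks are sorted by rid, and any gap or
    duplicate in the rid sequence is rejected rather than silently joined."""
    parsed = []
    for xml_text in bodies:
        body = ET.fromstring(xml_text)
        if body.tag != f"{{{BOSH_NS}}}body":
            raise ValueError("not a BOSH <body/> element")
        rid = int(body.get("rid"))
        chunk = body.find(f"{{{TUNNEL_NS}}}tls")
        if chunk is None:
            raise ValueError(f"rid {rid}: no tunnel payload")
        # validate=True rejects characters outside the base64 alphabet
        parsed.append((rid, base64.b64decode(chunk.text or "", validate=True)))
    if not parsed:
        return b""
    parsed.sort()
    rids = [rid for rid, _ in parsed]
    if rids != list(range(rids[0], rids[0] + len(rids))):
        raise ValueError("rid sequence has gaps or duplicates")
    return b"".join(data for _, data in parsed)


if __name__ == "__main__":
    sample = bytes(range(100))  # constructed stand-in for a binary TLS record stream
    print(unwrap_stream(wrap_stream(sample, "session1", 1000, chunk_size=30)) == sample)
```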