[Standards] XEP 0124 Section 9
ian.paterson at clientside.co.uk
Thu Feb 15 19:22:21 UTC 2007
Steve Shaffer wrote:
> Perhaps a system could be worked out that validates the integrity of
> the connection manager(CM)
Well, if your client uses HTTPS (SSL/TLS) then it is validating the
identity of the CM (via its SSL certificate). And the server knows that
the client seems to trust the CM (otherwise how did the CM authenticate
on behalf of the client). Is that enough?
> If the integrity of the connection manager can be assessed then
> relying on TLS between the server and the CM and Https (TLS)
> between the CM and the client is a better option than burdening the
I guess it is good enough for this version of XEP-0124. We'll look at
this again in the future.
> There is a place for a remote external CM even when all servers have
> HTTP connection managers. In particular where messaging is a part of
> a larger suite of web services.
Yes. Although XEP-0124's new Alternative Script Syntax reduces the need
significantly, since it allows clients to connect cross-domain. Here's
the working copy:
More information about the Standards