[Standards] XEP-0065: SOCKS5 acknowledgement after stream activation

Peter Saint-Andre stpeter at jabber.org
Tue May 8 18:12:42 UTC 2007

Justin Karneges wrote:
> On Monday 07 May 2007 3:51 pm, Peter Saint-Andre wrote:
>> Peter Saint-Andre wrote:
>>> Jakob Schroeter wrote:
>>>> Hi,
>>>> On Tue May 1 2007, Justin Karneges wrote:
>>>>> On Monday 30 April 2007 3:37 pm, Jakob Schroeter wrote:
>>>>>> However, it seems this is not inline with the SOCKS5 spec[1], e.g.
>>>>>> immediately after the proxy acknowledged the connection to the target
>>>>>> (Section 4.6 in XEP-0065) the stream is ready to be used as far as
>>>>>> SOCKS5
>>>>>> is concerned. So calling this a 'SOCKS5 acknowledgement' is wrong,
>>>>>> IMHO.
>>>>> You're right, this looks like a goof.  Example 19 and the text above it
>>>>> should be removed I think, although I have not double-checked with my
>>>>> own
>>>>> code.
>>>>>> Further, it appears neither of the clients I tested against
>>>>>> (Iris/Kopete/Psi, Gajim, Tkabber) nor proxy65 are sending or expecting
>>>>>> such additional byte/s (if it were SOCKS5, it'd be at least two bytes:
>>>>>> X'05', X'00').
>>>>> The SOCKS5 snippets in the XEP use a short-hand, they do not describe
>>>>> entire packets.  I believe the "STATUS = X'00'" refers to the entire
>>>>> response packet, and that is just the only field we care about.  E.g.
>>>>> this
>>>>> would have been the same as the meaning of Example 15.
>>>>>> Is this a left-over from an earlier revision? Would peeple be
>>>>>> interested
>>>>>> in a (in-band?) stream-active notification from stream host to target?
>>>>> For what purpose?
>>>> A simple file retrieval protocol could use it, similar to the good old
>>>> 'fax polling'. Anyway, I was just wondering about this when
>>>> implementing 0065, and it'd be fine with me if Example 19 would be
>>>> removed as you proposed.
>>> That seems correct.
>> Er, no, I think it's a simple copy-and-paste error, where I didn't
>> change "Target" to "Initiator". The text should say:
>> ******
>> The Proxy MUST then send SOCKS5 acknowledgement of the connection to the
>> Initiator.
>> Example 19. StreamHost Acknowledges Connection to Initiator
>> STATUS = X'00'
>> ******
> In the Iris implementation, the SOCKS5 handshake between the initiator and the 
> streamhost must complete before the initiator sends the <activate> request 
> over XMPP.
> From section 4.8: "If the StreamHost used is a Proxy, the Initiator MUST 
> authenticate and establish a connection with the StreamHost before requesting 
> that the StreamHost activate bytestream."  I read "authenticate and 
> establish" to mean the entire process of the SOCKS5 handshake, including 
> acks.  This would mean that the ack would occur during 4.8, and has no place 
> in 4.9.
> I vote we drop example 19, and possibly clarify section 4.8.

Once again you are right and I'm wrong. :)

I've incorporated all the errata provided on this list recently, see here:



Peter Saint-Andre
XMPP Standards Foundation

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 7358 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://mail.jabber.org/pipermail/standards/attachments/20070508/1f5781cb/attachment.bin>

More information about the Standards mailing list