[Standards] XTLS revisited

Dirk Meyer dmeyer at tzi.de
Mon Dec 15 18:48:42 UTC 2008


Justin Karneges wrote:
> On Monday 15 December 2008 07:46:16 Peter Saint-Andre wrote:
>> Therefore I suggest that we simplify e2e by using
>> something very close to the original XTLS proposal to set up, use, and
>> tear down an XTLS tunnel. I've outlined the protocol below.
>
> First, we should use IBB.  Sure, it adds complexity with the block sizes and 
> message vs iq, but you want this stuff. 

There is one problem hidden deep inside the current version of XTLS.
XEP-0250 requires a three-way handshake:

A sends its offer
B sends its offer based on A's
A sends final method to be used

The last step is needed to ask for a password when using SRP before you
start up your TLS lib. Right now, it is included in the first data
message. When we use IBB we can not do that. We need an extra message:

A: xtls incl. offer
B: xtls incl. offer
A: xtls incl. method
A: ibb open
B: ibb open result

It is a small change and you can send the IBB open without waiting for
the method iq result.

> The only downside is the extra round trip on startup.  If it's that
> big of a deal, we can make a special extension that lets you IBB +
> XTLS in one shot.
>
>> 1. Initiator sends start request to responder
>>
>> <iq from='romeo at montague.net/orchard'
>>     id='xtls_1'
>>     to='juliet at capulet.com/balcony'
>>     type='set'>
>>   <start xmlns='urn:xmpp:tmp:xtls'/>
>> </iq>
>
> <iq from='romeo at montague.net/orchard'
>     id='xtls_1'
>     to='juliet at capulet.com/balcony'
>     type='set'>
>   <open sid='mySID'
>       block-size='4096'
>       xmlns='http://jabber.org/protocol/ibb'>
>     <start xmlns='urn:xmpp:tmp:xtls'/>
>   </open>
> </iq>
>
>> 2. Responder tells initiator to proceed
>>
>> <iq from='juliet at capulet.com/balcony'
>>     id='xtls_1'
>>     to='romeo at montague.net/orchard'
>>     type='result'>
>>   <proceed xmlns='urn:xmpp:tmp:xtls'/>
>> </iq>
>
> <iq from='juliet at capulet.com/balcony'
>     id='xtls_1'
>     to='romeo at montague.net/orchard'
>     type='result'/>
>
> That's not much worse, is it?  If XTLS is implemented and we start needing 
> tweaks to the transport, we'll be happy we did it this way.

That would work. The error handling will be a bit complicated because if
xtls fails, you have to shut down the already open IBB link. But that's
ok for me. We need to add a note that the 3rd xtls message with the
method MUST be sent BEFORE the first IBB data stanza.


Dirk

-- 
I just found out that the brain is like a computer.
If that's true, then there really aren't any stupid people.
Just people running Windows. 
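As an added illustration (not code from the thread, from XEP-0250 or from any XTLS implementation), the following Python model tracks the ordering Dirk spells out above from the initiator's side: A's offer, B's offer based on it, A's final method, then the IBB open, which may go out before the method iq result arrives. It refuses an IBB data stanza before the method message and, when the TLS handshake over the tunnel fails, closes the already open IBB link. Method names, the `sid`/`block-size` values and the stanza summaries in the trace are constructed for the example.

```python
from enum import Enum, auto


class ProtocolError(Exception):
    """Raised when a stanza is sent out of the order the thread requires."""


class XtlsState(Enum):
    IDLE = auto()
    A_OFFERED = auto()      # A sent its offer
    B_OFFERED = auto()      # B replied with an offer based on A's
    METHOD_CHOSEN = auto()  # A sent the final method (the 3rd message)
    FAILED = auto()


class Session:
    """One XTLS-over-IBB setup, seen from the initiator (A). Constructed model."""

    def __init__(self, sid="mySID", block_size=4096):
        self.sid = sid
        self.block_size = block_size
        self.xtls = XtlsState.IDLE
        self.ibb_open = False
        self.offered = []
        self.b_methods = []
        self.method = None
        self.trace = []  # stanza summaries in send order (constructed format)

    def _emit(self, who, what):
        self.trace.append(f"{who}: {what}")

    # 1. A -> B: A's offer (list of candidate methods)
    def a_offer(self, methods):
        if self.xtls is not XtlsState.IDLE:
            raise ProtocolError("offer already sent")
        self.offered = list(methods)
        self.xtls = XtlsState.A_OFFERED
        self._emit("A", f"xtls offer {self.offered}")

    # 2. B -> A: B's offer, which must be drawn from A's
    def b_offer(self, methods):
        if self.xtls is not XtlsState.A_OFFERED:
            raise ProtocolError("B offer before A offer")
        bad = [m for m in methods if m not in self.offered]
        if bad:
            raise ProtocolError(f"B offered methods A did not: {bad}")
        self.b_methods = list(methods)
        self.xtls = XtlsState.B_OFFERED
        self._emit("B", f"xtls offer {self.b_methods}")

    # 3. A -> B: the final method. This is the step that lets an SRP
    #    client ask for the password before the TLS library is started.
    def a_method(self, method):
        if self.xtls is not XtlsState.B_OFFERED:
            raise ProtocolError("method before both offers")
        if method not in self.b_methods:
            raise ProtocolError(f"method {method} not in B's offer")
        self.method = method
        self.xtls = XtlsState.METHOD_CHOSEN
        self._emit("A", f"xtls method {method}")

    # IBB open: no need to wait for the method iq result first.
    def a_ibb_open(self):
        if self.ibb_open:
            raise ProtocolError("IBB already open")
        self.ibb_open = True
        self._emit("A", f"ibb open sid={self.sid} block-size={self.block_size}")

    def b_ibb_result(self):
        if not self.ibb_open:
            raise ProtocolError("IBB result without open")
        self._emit("B", "ibb open result")

    # The MUST from the thread: no IBB data stanza before the 3rd XTLS message.
    def a_ibb_data(self, payload):
        if not self.ibb_open:
            raise ProtocolError("IBB not open")
        if self.xtls is not XtlsState.METHOD_CHOSEN:
            raise ProtocolError("IBB data stanza before xtls method message")
        self._emit("A", f"ibb data {len(payload)} bytes")

    # If XTLS fails after the tunnel is up, the IBB link must be shut down too.
    def xtls_failed(self, reason):
        self.xtls = XtlsState.FAILED
        self._emit("A", f"xtls error: {reason}")
        if self.ibb_open:
            self.ibb_open = False
            self._emit("A", f"ibb close sid={self.sid}")


def happy_path():
    """Full setup in the order Dirk lists; returns the stanza trace."""
    s = Session()
    s.a_offer(["x509", "srp"])
    s.b_offer(["srp"])
    s.a_method("srp")
    s.a_ibb_open()                 # sent without waiting for the method iq result
    s.b_ibb_result()
    s.a_ibb_data(b"\x16\x03\x01")  # constructed stand-in for the first TLS record
    return s.trace


def data_before_method():
    """Violates the MUST: IBB data before the method message. Returns the error text."""
    s = Session()
    s.a_offer(["srp"])
    s.b_offer(["srp"])
    s.a_ibb_open()
    s.b_ibb_result()
    try:
        s.a_ibb_data(b"\x16")
    except ProtocolError as e:
        return str(e)
    return None


def handshake_failure():
    """XTLS fails after IBB is open; the trace must end with the IBB close."""
    s = Session()
    s.a_offer(["srp"])
    s.b_offer(["srp"])
    s.a_method("srp")
    s.a_ibb_open()
    s.b_ibb_result()
    s.xtls_failed("SRP verifier mismatch (constructed failure)")
    return s.trace
```

`happy_path()` shows the method stanza preceding the IBB open and the first data stanza; `data_before_method()` shows the check a client needs so that the TLS library is never started on the tunnel before the method is agreed; `handshake_failure()` shows the extra teardown step Dirk points out, the IBB close that follows an XTLS error.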
