[Standards] XTLS revisited
justin-keyword-jabber.093179 at affinix.com
Mon Dec 15 19:02:36 UTC 2008
On Monday 15 December 2008 10:48:42 Dirk Meyer wrote:
> There is one problem hidden deep inside the current version of XTLS.
> XEP-0250 requires a three-way handshake:
> A sends its offer
> B sends its offer based on A's
> A sends final method to be used
> The last step is needed to ask for a password when using SRP before you
> start up your TLS lib. Right now, it is included in the first data
> message. When we use IBB we can not do that. We need an extra message:
> A: xtls incl. offer
> B: xtls incl. offer
> A: xtls incl. method
> A: ibb open
> B: ibb open result
> It is a small change and you can send the IBB open without waiting for
> the method iq result.
Ah yes, I forgot about possible setup stuff. I don't know enough about SRP to
say what is needed there. I figure most negotiation is fine within TLS
itself unless we're shoehorning something, like PGP.
I'm fine with having non-IBB exchanges for setup then, as they aren't part of
the TLS bytestream.
> ok for me. We need to add a note that the 3rd xtls message with the
> method MUST be sent BEFORE the first IBB data stanza.
Now that I think about it, XTLS initialization containing IBB information
makes more sense than IBB initialization containing XTLS information. So
with that in mind, maybe it's better to just not open the IBB session until
the 3rd XTLS message. That message would indicate the IBB information.
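The ordering rule the thread settles on (A's offer, B's offer, A's chosen method, and only then the IBB open and the first IBB data stanza), as an added example that is not part of the original post or of any XEP text. The stanza kinds, field names and sample traffic are constructed for the illustration and are not the XEP-0250 or XEP-0047 wire format; the checker enforces the quoted rule that the method message must be sent before the first IBB data stanza, while allowing the IBB open to go out without waiting for the method iq result.

```python
"""Ordering check for the XTLS-over-IBB setup sequence discussed above.

Added example, not part of the original post or of any XEP. Stanza kinds,
field names and the sample traffic below are constructed placeholders, not
the XEP-0250 / XEP-0047 wire format.
"""
from dataclasses import dataclass, field

# Constructed stanza kinds (assumption: names chosen for this example only).
XTLS_OFFER = "xtls-offer"          # steps 1 and 2: each side's offer
XTLS_METHOD = "xtls-method"        # step 3: A fixes the method (SRP may prompt for a password)
IBB_OPEN = "ibb-open"              # A opens the in-band bytestream
IBB_OPEN_RESULT = "ibb-open-result"
IBB_DATA = "ibb-data"              # carries TLS bytes; must not precede XTLS_METHOD


@dataclass
class Stanza:
    kind: str
    sender: str                     # "A" (initiator) or "B" (responder)
    payload: dict = field(default_factory=dict)


class XtlsSetupOrder:
    """Tracks one A<->B session and rejects out-of-order stanzas.

    Rule from the thread: the third XTLS message (the chosen method) MUST be
    sent before the first IBB data stanza. The IBB open may be sent without
    waiting for the method iq result, so only the data stanza is gated on
    the method having been sent.
    """

    def __init__(self):
        self.offers = set()         # which sides have offered
        self.method = None          # chosen TLS method, once A sends it
        self.ibb_opened = False
        self.ibb_acked = False
        self.log = []               # accepted (sender, kind) pairs, in order

    def handle(self, st: Stanza) -> None:
        if st.kind == XTLS_OFFER:
            if st.sender == "B" and "A" not in self.offers:
                raise ValueError("B's offer must be based on A's; A has not offered")
            self.offers.add(st.sender)
        elif st.kind == XTLS_METHOD:
            if st.sender != "A" or self.offers != {"A", "B"}:
                raise ValueError("method is chosen by A, and only after both offers")
            self.method = st.payload["method"]
        elif st.kind == IBB_OPEN:
            if self.offers != {"A", "B"}:
                raise ValueError("IBB open before the XTLS offers were exchanged")
            self.ibb_opened = True
        elif st.kind == IBB_OPEN_RESULT:
            if not self.ibb_opened:
                raise ValueError("IBB open result without a preceding open")
            self.ibb_acked = True
        elif st.kind == IBB_DATA:
            # The check the thread asks for: TLS bytes may only flow once the
            # method is fixed (so SRP can prompt first) and the stream is up.
            if self.method is None:
                raise ValueError("IBB data before XTLS method")
            if not self.ibb_acked:
                raise ValueError("IBB data before IBB open result")
        else:
            raise ValueError(f"unknown stanza kind {st.kind!r}")
        self.log.append((st.sender, st.kind))


def run(stanzas) -> tuple:
    """Feed stanzas to a fresh checker; return (accepted_count, error_or_None)."""
    checker = XtlsSetupOrder()
    for st in stanzas:
        try:
            checker.handle(st)
        except ValueError as e:
            return len(checker.log), str(e)
    return len(checker.log), None


# Constructed sample traffic: the sequence proposed in the quoted message.
GOOD_SEQUENCE = [
    Stanza(XTLS_OFFER, "A", {"methods": ["x509", "srp"]}),
    Stanza(XTLS_OFFER, "B", {"methods": ["srp"]}),
    Stanza(XTLS_METHOD, "A", {"method": "srp"}),
    Stanza(IBB_OPEN, "A"),                  # sent without waiting for the method iq result
    Stanza(IBB_OPEN_RESULT, "B"),
    Stanza(IBB_DATA, "A", {"bytes": b"\x16\x03\x01"}),   # constructed TLS record prefix
]

# Constructed problem case: the method never goes out as its own stanza, so
# the first data stanza would have to carry it, which the thread rules out.
BAD_SEQUENCE = [
    Stanza(XTLS_OFFER, "A", {"methods": ["x509", "srp"]}),
    Stanza(XTLS_OFFER, "B", {"methods": ["srp"]}),
    Stanza(IBB_OPEN, "A"),
    Stanza(IBB_OPEN_RESULT, "B"),
    Stanza(IBB_DATA, "A", {"bytes": b"\x16\x03\x01"}),
]

if __name__ == "__main__":
    print(run(GOOD_SEQUENCE))   # (6, None)
    print(run(BAD_SEQUENCE))    # (4, 'IBB data before XTLS method')
```

The checker is deliberately lenient about the IBB open itself (it only needs both offers) and strict about the first data stanza, which is the point at which the TLS library would be started and an SRP password prompt would already have to have happened.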