[Standards] Addressing Security Concerns in XEP-0115 Entity Capabilities

Joe Hildebrand joe.hildebrand at webex.com
Wed Sep 14 23:32:39 UTC 2011


On 9/14/11 4:31 PM, "Waqas Hussain" <waqas20 at gmail.com> wrote:

> An entity which understood double verify would have the option to
> either be vulnerable to poisoning, or participate in IQ floods. It's
> this that I'm against.

Presumably, the new XEP would recommend that you negatively cache in the
case that it rejected an unverified caps result.

> So poisoning succeeds. And what happens with these logs? How do you
> find the poison needle in the haystack of legitimate messages? I hope
> you don't want admins to do this...

You have the choice.  All of your clients can just reject caps that don't
have the second hash, and negatively cache them.

Some of my clients will want to do backward-compatibility for the next year
or two, but that's a risk I'm willing to take on behalf of my customers.

-- 
Joe Hildebrand
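
Added example, not part of the original message or of any XEP: a sketch of the negative caching discussed above, where a rejected caps advertisement is remembered so that repeated presence does not trigger repeated disco#info IQs. The class name, the `ver2` parameter standing in for the proposed second hash, the `verify` and `fetch_info` callables, and the choice to key rejections by advertising JID are all assumptions made for illustration.

```python
import time

class CapsCache:
    """Caps cache with negative caching (constructed sketch, names hypothetical)."""

    def __init__(self, verify, strict=True, neg_ttl=3600.0, clock=time.monotonic):
        self.verify = verify      # hypothetical: verify(ver, ver2, info) -> bool
        self.strict = strict      # True: reject caps that lack the second hash
        self.neg_ttl = neg_ttl    # seconds a rejection is remembered
        self.clock = clock
        self.good = {}            # (node, ver, ver2) -> verified disco#info
        self.bad = {}             # (jid, node, ver, ver2) -> expiry time
        self.queries_sent = 0     # number of disco#info IQs issued

    def _reject(self, key):
        self.bad[key] = self.clock() + self.neg_ttl
        return None

    def on_presence(self, jid, node, ver, ver2, fetch_info):
        """Return verified disco#info, or None if the caps are rejected."""
        good_key = (node, ver, ver2)
        if good_key in self.good:
            return self.good[good_key]           # positive hit: no IQ
        # Rejections are keyed per advertising JID (assumption) so that one
        # bad responder cannot block a hash for every other entity.
        bad_key = (jid,) + good_key
        expiry = self.bad.get(bad_key)
        if expiry is not None:
            if self.clock() < expiry:
                return None                      # negative hit: no IQ
            del self.bad[bad_key]                # entry expired, try again
        if self.strict and ver2 is None:
            return self._reject(bad_key)         # rejected without any query
        self.queries_sent += 1
        info = fetch_info(jid, node, ver)        # one disco#info round trip
        if self.verify(ver, ver2, info):
            self.good[good_key] = info
            return info
        return self._reject(bad_key)
```

With `strict=False` the same class models the backward-compatibility choice: caps without a second hash are still queried and passed to `verify` with `ver2=None`.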



