[Standards] Secure components

Philipp Hancke fippo at goodadvice.pages.de
Wed Jul 4 09:16:56 UTC 2012

On Thu, 31 May 2012, Peter Saint-Andre wrote:
>> We have http://xmpp.org/extensions/xep-0225.html - although support is
>> less widespread than for 114.
> Now that I have more free time, I'd be happy to finish XEP-0225. There
> are a few existing implementations, so step one might be to gather feedback.

You called for it...
I was recently considering how to do "secure" component connections.
Instead of doing 0225 I simply added a version=1.0 to the initial stream
header sent by the component which (magically) made the server send stream
features, followed by negotiation of tls, compression and sm. I kept the old
<handshake/> stuff, even though the check might be replaced by checking the
certificate along the lines of RFC 6125.

I also considered doing bidirectional s2s. Works like a charm, too. The only
advantage component connections have is that they don't require
any negotiation of different target domains.
bidi-s2s is capable (protocol-wise) of multiplexing different component
connections on the same TCP connection, which might be considered an
advantage over 0114+version=1.0.

Pimping 0114 might be easier than reviving 0225 :-)
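The exchange described in the post, modelled as an added example (this is not code from the post or from any XMPP server): a XEP-0114 component opens its stream with version='1.0', the server answers with stream features (starttls first, then compression and stream management once TLS is up), and the classic <handshake/> check runs on top of the protected stream. The component domain, stream id, shared secret and the exact feature set are assumptions for illustration; the handshake digest is the one XEP-0114 specifies (lower-case hex SHA-1 over stream id concatenated with the shared secret).

```python
"""Component stream with version='1.0' (added example, not code from the
list post or any server).  Stream id, secret and feature set are made up;
the handshake digest follows XEP-0114: sha1(stream_id + secret) as hex."""

import hashlib
import hmac
import xml.etree.ElementTree as ET

NS_COMPONENT = "jabber:component:accept"
NS_STREAMS = "http://etherx.jabber.org/streams"
NS_TLS = "urn:ietf:params:xml:ns:xmpp-tls"
NS_COMPRESS = "http://jabber.org/features/compress"
NS_SM = "urn:xmpp:sm:3"


def component_stream_header(component_domain, version="1.0"):
    """Opening tag sent by the component.  Without version this is the
    legacy XEP-0114 header, for which the server sends no features."""
    attrs = (f"xmlns='{NS_COMPONENT}' xmlns:stream='{NS_STREAMS}' "
             f"to='{component_domain}'")
    if version:
        attrs += f" version='{version}'"
    return f"<stream:stream {attrs}>"


def server_stream_header(stream_id, version="1.0"):
    """Opening tag the server answers with; id is the handshake nonce."""
    attrs = (f"xmlns='{NS_COMPONENT}' xmlns:stream='{NS_STREAMS}' "
             f"id='{stream_id}'")
    if version:
        attrs += f" version='{version}'"
    return f"<stream:stream {attrs}>"


def parse_stream_header(header):
    """Attributes of an (unclosed) stream header.  The xmlns declarations
    are consumed by the parser and do not appear in the result."""
    return ET.fromstring(header + "</stream:stream>").attrib


def server_features(peer_attrs, tls_done=False):
    """Features to advertise, or None for a legacy (version-less) peer.
    Before TLS only a mandatory starttls is offered; afterwards
    compression and stream management (assumed feature set)."""
    if peer_attrs.get("version") != "1.0":
        return None
    if not tls_done:
        body = f"<starttls xmlns='{NS_TLS}'><required/></starttls>"
    else:
        body = (f"<compression xmlns='{NS_COMPRESS}'>"
                "<method>zlib</method></compression>"
                f"<sm xmlns='{NS_SM}'/>")
    return f"<stream:features xmlns:stream='{NS_STREAMS}'>{body}</stream:features>"


def feature_names(features_xml):
    """Local names of the advertised features, in order."""
    return [child.tag.rsplit("}", 1)[1] for child in ET.fromstring(features_xml)]


def handshake_digest(stream_id, secret):
    """XEP-0114 handshake value: hex SHA-1 over stream id + shared secret."""
    return hashlib.sha1((stream_id + secret).encode("utf-8")).hexdigest()


def handshake_stanza(stream_id, secret):
    return f"<handshake>{handshake_digest(stream_id, secret)}</handshake>"


def verify_handshake(stanza, stream_id, secret):
    """Server-side check of the component's <handshake/>; constant-time
    compare so the mismatch position is not leaked through timing."""
    root = ET.fromstring(stanza)
    if root.tag != "handshake":
        return False
    expected = handshake_digest(stream_id, secret).encode("ascii")
    return hmac.compare_digest((root.text or "").encode("utf-8"), expected)


def run_exchange(domain="comp.example.com", stream_id="3BF96D32", secret="secret"):
    """Walk through the whole exchange; returns (who, message) pairs.
    stream_id and secret are constructed values, not real credentials."""
    log = []
    # 1. component opens with version='1.0'; server answers and offers starttls
    hdr = component_stream_header(domain)
    log.append(("component", hdr))
    log.append(("server", server_stream_header(stream_id)))
    log.append(("server", server_features(parse_stream_header(hdr))))
    # 2. TLS is negotiated, then the stream is restarted over the TLS socket
    log.append(("component", f"<starttls xmlns='{NS_TLS}'/>"))
    log.append(("server", f"<proceed xmlns='{NS_TLS}'/>"))
    hdr = component_stream_header(domain)
    log.append(("component", hdr))
    # a real server may issue a fresh id here; the handshake must use the
    # id of the stream it is sent on, so we keep it in one place
    log.append(("server", server_stream_header(stream_id)))
    log.append(("server", server_features(parse_stream_header(hdr), tls_done=True)))
    # 3. classic XEP-0114 handshake, now carried inside the protected stream
    hs = handshake_stanza(stream_id, secret)
    log.append(("component", hs))
    ok = verify_handshake(hs, stream_id, secret)
    log.append(("server", "<handshake/>" if ok else "<stream:error/>"))
    return log
```

A component that omits the version attribute gets no features from server_features and falls through to plain XEP-0114 behaviour, which is what keeps old components working. Once TLS is in place the shared-secret handshake is the only thing left to swap out: the server could instead match the component's certificate against the stream's to= domain along the lines of RFC 6125, as the post suggests.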
