[Standards] Secure components
stpeter at stpeter.im
Thu Jul 12 23:28:18 UTC 2012
On 7/4/12 3:16 AM, Philipp Hancke wrote:
> On Thu, 31 May 2012, Peter Saint-Andre wrote:
>>> We have http://xmpp.org/extensions/xep-0225.html - although support is
>>> less widespread than for 114.
>> Now that I have more free time, I'd be happy to finish XEP-0225. There
>> are a few existing implementations, so step one might be to gather
> You called for it...
> I was recently considering how to do "secure" component connections.
> Instead of doing 0225 I simply added a version=1.0 to the initial stream
> header sent by the component which (magically) made the server send stream
> features, followed by negotiation of tls, compression and sm. I kept the
> <handshake/> stuff, even though the check might be replaced by checking the
> certificate along the lines of RFC 6125.
> I also considered doing bidirectional s2s. Works like a charm, too. The
> only advantage component connections have is that they don't require any
> negotiation of different target domains.
> bidi-s2s is capable (protocol-wise) of multiplexing different component
> connections on the same TCP connection which might be considered an
> advantage over 0114+version=1.0.
Very interesting. Thanks for the feedback!
> Pimping 0114 might be easier than reviving 0225 :-)
I hope you mean "primping" instead of "pimping". :)
But yes, that sounds like a reasonable approach.
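
The component-side flow discussed above (XEP-0114 stream header with version=1.0, stream features, STARTTLS, then <handshake/>), as an added example that is not code from either poster or from any XMPP project. Assumptions: the abort-on-cleartext policy, the use of the post-restart stream ID for the handshake, the domain chat.example.org, and the constructed server replies.

```python
import hashlib
import xml.etree.ElementTree as ET
from xml.sax.saxutils import quoteattr

NS_STREAMS = "http://etherx.jabber.org/streams"
NS_COMPONENT = "jabber:component:accept"    # XEP-0114 stream namespace
NS_TLS = "urn:ietf:params:xml:ns:xmpp-tls"  # STARTTLS namespace (RFC 6120)

def stream_header(domain, version="1.0"):
    """Component's opening header; version='1.0' is the change described above."""
    ver = f" version={quoteattr(version)}" if version else ""
    return (f"<stream:stream xmlns='{NS_COMPONENT}' "
            f"xmlns:stream='{NS_STREAMS}' to={quoteattr(domain)}{ver}>")

def handshake_digest(stream_id, secret):
    """XEP-0114 <handshake/> value: lowercase hex SHA-1 of stream ID + secret."""
    return hashlib.sha1((stream_id + secret).encode("utf-8")).hexdigest()

def next_step(server_open, features_xml, tls_active, secret):
    """Return (action, payload) for the component's next move.
    Assumed policy: the secret-derived handshake is never sent in cleartext."""
    root = ET.fromstring(server_open + "</stream:stream>")
    if root.get("version") != "1.0" or features_xml is None:
        return ("abort", "legacy XEP-0114 peer: no stream features, no TLS")
    if not tls_active:
        feats = ET.fromstring(features_xml)
        if feats.find(f"{{{NS_TLS}}}starttls") is None:
            return ("abort", "STARTTLS not offered")
        return ("send", f"<starttls xmlns='{NS_TLS}'/>")
    # Assumption: after TLS the stream restarts; hash the ID from the new header.
    digest = handshake_digest(root.get("id"), secret)
    return ("send", f"<handshake>{digest}</handshake>")

# Constructed sample server replies (not captured traffic).
OPEN = ("<stream:stream xmlns='jabber:component:accept' "
        "xmlns:stream='http://etherx.jabber.org/streams' "
        "from='chat.example.org' id='3BF96D32' version='1.0'>")
LEGACY_OPEN = OPEN.replace(" version='1.0'", "")
FEATURES = ("<stream:features xmlns:stream='http://etherx.jabber.org/streams'>"
            "<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/></stream:features>")

if __name__ == "__main__":
    print(stream_header("chat.example.org"))
    print(next_step(OPEN, FEATURES, tls_active=False, secret="s3cr3t"))
    print(next_step(OPEN, FEATURES, tls_active=True, secret="s3cr3t"))
    print(next_step(LEGACY_OPEN, None, tls_active=False, secret="s3cr3t"))
```

The handshake digest only proves knowledge of the shared secret; it does not authenticate the server, which is why the certificate check along the lines of RFC 6125 mentioned above still belongs in the TLS layer.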