[Standards] Secure components

Peter Saint-Andre stpeter at stpeter.im
Thu Jul 12 23:28:18 UTC 2012


On 7/4/12 3:16 AM, Philipp Hancke wrote:
> On Thu, 31 May 2012, Peter Saint-Andre wrote:
>>> We have http://xmpp.org/extensions/xep-0225.html - although support is
>>> less widespread than for 114.
>>
>> Now that I have more free time, I'd be happy to finish XEP-0225. There
>> are a few existing implementations, so step one might be to gather
>> feedback.
> 
> You called for it...
> I was recently considering how to do "secure" component connections.
> Instead of doing 0225 I simply added a version=1.0 to the initial stream
> header sent by the component which (magically) made the server send stream
> features, followed by negotiation of tls, compression and sm. I kept the
> old <handshake/> stuff, even though the check might be replaced by checking
> the certificate along the lines of RFC 6125.
> 
> I also considered doing bidirectional s2s. Works like a charm, too. The
> only advantage component connections have is that they don't require any
> negotiation of different target domains.
> bidi-s2s is capable (protocol-wise) of multiplexing different component
> connections on the same TCP connection, which might be considered an
> advantage over 0114+version=1.0.

Very interesting. Thanks for the feedback!

> Pimping 0114 might be easier than reviving 0225 :-)

I hope you mean "primping" instead of "pimping". :)

But yes, that sounds like a reasonable approach.

Peter

-- 
Peter Saint-Andre
https://stpeter.im/
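
Added example, not part of the original message and not code from any XMPP server: a server-side model of the flow described in the quoted text, where a component stream header carrying version=1.0 makes the server offer stream features and the XEP-0114 <handshake/> is checked afterwards. The class, the sample header and the rule that a versioned stream must finish TLS before its handshake is accepted are assumptions for illustration.

```python
import hashlib
import hmac
import xml.etree.ElementTree as ET

# Constructed sample header (self-closed only so ElementTree can parse it alone).
SAMPLE_HEADER = (
    "<stream:stream xmlns='jabber:component:accept' "
    "xmlns:stream='http://etherx.jabber.org/streams' "
    "to='component.example.org' version='1.0'/>"
)

def expected_handshake(stream_id: str, secret: str) -> str:
    # XEP-0114: lowercase hex SHA-1 over the stream id followed by the shared secret.
    return hashlib.sha1((stream_id + secret).encode("utf-8")).hexdigest()

class ComponentSession:
    """Server-side state for one component connection (hypothetical class)."""

    def __init__(self, stream_id: str, secret: str):
        self.stream_id = stream_id
        self.secret = secret
        self.versioned = False      # component sent version='1.0'
        self.tls = False            # STARTTLS negotiation finished
        self.authenticated = False

    def on_stream_header(self, header_xml: str) -> list:
        root = ET.fromstring(header_xml)
        self.versioned = root.get("version") == "1.0"
        # A versioned header is what triggers stream features; plain 0114 gets none.
        return ["starttls"] if self.versioned and not self.tls else []

    def on_tls_established(self) -> None:
        self.tls = True

    def on_handshake(self, digest: str) -> bool:
        # Assumed policy: a component that opted in to features must complete TLS
        # first, so the SHA-1 digest of the shared secret never crosses in cleartext.
        if self.versioned and not self.tls:
            return False
        want = expected_handshake(self.stream_id, self.secret).encode("ascii")
        # Constant-time comparison of the received digest against the expected one.
        self.authenticated = hmac.compare_digest(digest.strip().encode("utf-8"), want)
        return self.authenticated
```

A component that omits version=1.0 is treated as plain XEP-0114 here and is authenticated by the handshake alone.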






