[Standards] Proposed XMPP Extension: Instant Stream Resumption

Florian Schmaus flo at geekplace.eu
Tue Feb 16 20:18:42 UTC 2016


On 16.02.2016 20:01, Thijs Alkemade wrote:
> 
>> On 16 feb. 2016, at 17:18, XMPP Extensions Editor <editor at xmpp.org> wrote:
>>
>> The XMPP Extensions Editor has received a proposal for a new XEP.
>>
>> Title: Instant Stream Resumption
>>
>> Abstract: This specification introduces an mechanism for instant
>>  stream resumption, based on Stream Management (XEP-0198), allowing
>>  XMPP entities to instantaneously resume an XMPP stream.
>>
>> URL: http://xmpp.org/extensions/inbox/isr.html
>>
>> The XMPP Council will decide in the next two weeks whether to accept this proposal as an official XEP.
> 
> 
> I'll just repeat my point that all quick connection attempts so far seem to
> throw out mutual authentication without hesitation. That may be an acceptable
> trade-off in certain scenarios, but it should be emphasized that it decreases
> security.

Thanks for your feedback Thijs. As always, much appreciated. I'd like to
say that it's in fact the first time that someone directs me into the
mutual authentication problematic.


Would adding a 'remotetok' be sufficient. E.g.

<enabled
  xmlns='urn:xmpp:sm:3'
  xmlns:isr='urn:xmpp:isr:0'
  isr:tok='a0b9162d-0981-4c7d-9174-1f55aedd1f52'
  isr:remotetok='fe418035-4e1e-4b26-a406-2d7191995e97'/>

And then on instant resumption the initiator sends

<inst-resume
  xmlns='urn:xmpp:isr:0'
  tok='a0b9162d-0981-4c7d-9174-1f55aedd1f52'
  h='42'/>

and the remote part responds with

<inst-resumed
  xmlns='urn:xmpp:isr:0'
  prev-remotetok='fe418035-4e1e-4b26-a406-2d7191995e97'
  tok='006b1a29-c549-41c7-a12c-2a931822f8c0'
  remotetok='b5defa69-a337-4a0c-8a03-a83ca1d26a2c'
  h='21'/>

Could it really be so easy to add mutual authentication to ISR, or am I
missing something?

- Florian


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 603 bytes
Desc: OpenPGP digital signature
URL: <http://mail.jabber.org/pipermail/standards/attachments/20160216/df71c22e/attachment.sig>


More information about the Standards mailing list