[Standards] Proposed XMPP Extension: Instant Stream Resumption
daniel at gultsch.de
Wed Feb 17 16:29:48 UTC 2016
The remote-tok thing doesn't work because at this point it is already too
late as the server (read a potential MiM attacker) already receiced the
token. I think the server needs to be authenticated before the clients
sends the tok. Or am I misunderstanding the problem? Maybe the client could
at the very least verify that the certificate hasn't changed?
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Standards