[Standards] Proposed XMPP Extension: Instant Stream Resumption

Daniel Gultsch daniel at gultsch.de
Wed Feb 17 16:29:48 UTC 2016


The remote-tok thing doesn't work because at this point it is already too
late, as the server (read: a potential MiM attacker) has already received the
token. I think the server needs to be authenticated before the client
sends the tok. Or am I misunderstanding the problem? Maybe the client could
at the very least verify that the certificate hasn't changed?
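
The ordering raised in this message, as an added example that is not part of the original post or of the proposed XEP: the client releases its resumption token only after the TLS peer has been authenticated and its certificate matches the one seen when the token was issued. `ResumptionState`, `remember` and `token_to_send` are hypothetical names, and the certificate bytes are constructed sample values.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class ResumptionState:
    """What the client kept from the session it wants to resume (hypothetical)."""
    token: str            # secret resumption token issued by the server
    pinned_sha256: bytes  # SHA-256 of the server's DER certificate at that time


def fingerprint(cert_der: bytes) -> bytes:
    return hashlib.sha256(cert_der).digest()


def remember(token: str, cert_der: bytes) -> ResumptionState:
    """Store the token together with the certificate it was received under."""
    return ResumptionState(token, fingerprint(cert_der))


def token_to_send(state: ResumptionState,
                  peer_cert_der: Optional[bytes],
                  chain_verified: bool) -> Optional[str]:
    """Return the token only for an authenticated, unchanged server.

    None means: do not send the token, fall back to full authentication.
    With Python's ssl module the DER bytes would come from
    SSLSocket.getpeercert(binary_form=True) after the handshake.
    """
    if not chain_verified or peer_cert_der is None:
        return None  # server not authenticated yet, so the token stays local
    if not hmac.compare_digest(fingerprint(peer_cert_der), state.pinned_sha256):
        return None  # certificate changed (rotation or interception)
    return state.token


# Constructed sample values, not real certificates.
ORIGINAL_CERT = b"constructed-der-bytes-of-original-server-cert"
OTHER_CERT = b"constructed-der-bytes-of-a-different-cert"
STATE = remember("constructed-token-123", ORIGINAL_CERT)

if __name__ == "__main__":
    print(token_to_send(STATE, ORIGINAL_CERT, True))   # token released
    print(token_to_send(STATE, OTHER_CERT, True))      # withheld
    print(token_to_send(STATE, ORIGINAL_CERT, False))  # withheld
```

A legitimate certificate rotation also yields `None` here, which costs one full authentication rather than exposing the token.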