[Standards] Let's put "Instant Stream Resumption" back on Council's table

Dave Cridland dave at cridland.net
Sun Jun 5 19:58:17 UTC 2016

I still think you're trying to produce a rpelacement for SASL, and that's
something that seems much more complex and nuanced. My concern remains that
you've presented a one-size-fits-all approach, and the bulk of the problems
you're trying to fix are the same ones that SASL attempts to address.
On 5 Jun 2016 18:51, "Florian Schmaus" <flo at geekplace.eu> wrote:

> My dear members of the XMPP Council, Hi everyone else :)
> I would like to put the "Instant Stream Resumption (ISR)" XEP proposal
> back on Council's table. If I'm not mistaken, all Council members said
> to vote on list [1] in the meeting (2016-03-16) after I've re-submitted
> a overworked version of ISR, but none did so far.
> I'm aware that Dave suggested [2] to fit this into an eventually
> upcoming Multi-Step-Mechanism SASL approach [3], but this is all in the
> very early stages. I did not see much traction after [3] and I don't
> foresee an first draft of such a specification in the near future. But
> on the other hand, we need ISR now[5]! I told people at FOSDEM 2015 that
> this is one major show stopper left for XMPP on mobile, and a similar
> approach to ISR came out of the industry [4]. So there is an urgent
> requirement for it.
> I also do think that potential SASL changes can and should *not* be
> considered a blocker for ISR. There sure will be an upgrade path on
> protocol level if Multi-Step-Mechanism SASL becomes a thing.
> I hope the XMPP Council also sees the need for ISR. I believe to have
> addressed all security concerns, e.g., ISR offers mutual authentication
> of the endpoints, and it does not replace SASL and therefore does not
> weaken SASL security in any way. So I hereby ask all Council members to
> submit the pending votes.
> Of course I hope for +1's. Please ask if there is anything left unclear.
> Thanks.
> - Florian
> 1: http://mail.jabber.org/pipermail/council/2016-March/004091.html
> 2: http://mail.jabber.org/pipermail/standards/2016-March/030958.html
> 3: http://mail.jabber.org/pipermail/standards/2016-May/031047.html
> 4: http://mail.jabber.org/pipermail/standards/2016-February/030898.html
> 5: Besides: I'm not convinced (yet) that ISR should be designed like a
> SASL mechanism.
> _______________________________________________
> Standards mailing list
> Info: http://mail.jabber.org/mailman/listinfo/standards
> Unsubscribe: Standards-unsubscribe at xmpp.org
> _______________________________________________
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.jabber.org/pipermail/standards/attachments/20160605/cb2c92e4/attachment.html>

More information about the Standards mailing list