[Standards] Let's put "Instant Stream Resumption" back on Council's table

Florian Schmaus flo at geekplace.eu
Sat Jun 18 17:32:44 UTC 2016


On 05.06.2016 21:58, Dave Cridland wrote:
> I still think you're trying to produce a rpelacement for SASL, and
> that's something that seems much more complex and nuanced. My concern
> remains that you've presented a one-size-fits-all approach, and the bulk
> of the problems you're trying to fix are the same ones that SASL
> attempts to address.

I don't think that is true at all. SASL authenticates an account,
whereas ISR authenticates a stream resumption.

> On 5 Jun 2016 18:51, "Florian Schmaus" <flo at geekplace.eu
> <mailto:flo at geekplace.eu>> wrote:
> 
>     My dear members of the XMPP Council, Hi everyone else :)
> 
>     I would like to put the "Instant Stream Resumption (ISR)" XEP proposal
>     back on Council's table. If I'm not mistaken, all Council members said
>     to vote on list [1] in the meeting (2016-03-16) after I've re-submitted
>     a overworked version of ISR, but none did so far.
> 
>     I'm aware that Dave suggested [2] to fit this into an eventually
>     upcoming Multi-Step-Mechanism SASL approach [3], but this is all in the
>     very early stages. I did not see much traction after [3] and I don't
>     foresee an first draft of such a specification in the near future. But
>     on the other hand, we need ISR now[5]! I told people at FOSDEM 2015 that
>     this is one major show stopper left for XMPP on mobile, and a similar
>     approach to ISR came out of the industry [4]. So there is an urgent
>     requirement for it.
> 
>     I also do think that potential SASL changes can and should *not* be
>     considered a blocker for ISR. There sure will be an upgrade path on
>     protocol level if Multi-Step-Mechanism SASL becomes a thing.
> 
>     I hope the XMPP Council also sees the need for ISR. I believe to have
>     addressed all security concerns, e.g., ISR offers mutual authentication
>     of the endpoints, and it does not replace SASL and therefore does not
>     weaken SASL security in any way. So I hereby ask all Council members to
>     submit the pending votes.
> 
>     Of course I hope for +1's. Please ask if there is anything left unclear.
> 
>     Thanks.
> 
>     - Florian
> 
> 
>     1: http://mail.jabber.org/pipermail/council/2016-March/004091.html
>     2: http://mail.jabber.org/pipermail/standards/2016-March/030958.html
>     3: http://mail.jabber.org/pipermail/standards/2016-May/031047.html
>     4: http://mail.jabber.org/pipermail/standards/2016-February/030898.html
>     5: Besides: I'm not convinced (yet) that ISR should be designed like a
>     SASL mechanism.
> 
> 
>     _______________________________________________
>     Standards mailing list
>     Info: http://mail.jabber.org/mailman/listinfo/standards
>     Unsubscribe: Standards-unsubscribe at xmpp.org
>     <mailto:Standards-unsubscribe at xmpp.org>
>     _______________________________________________
> 
> 
> 
> _______________________________________________
> Standards mailing list
> Info: http://mail.jabber.org/mailman/listinfo/standards
> Unsubscribe: Standards-unsubscribe at xmpp.org
> _______________________________________________
> 


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 628 bytes
Desc: OpenPGP digital signature
URL: <http://mail.jabber.org/pipermail/standards/attachments/20160618/725af3df/attachment.sig>


More information about the Standards mailing list