[Standards] Let's put "Instant Stream Resumption" back on Council's table

Dave Cridland dave at cridland.net
Sat Jun 18 17:34:17 UTC 2016


On 18 Jun 2016 18:31, "Florian Schmaus" <flo at geekplace.eu> wrote:
>
> On 05.06.2016 21:58, Dave Cridland wrote:
> > I still think you're trying to produce a rpelacement for SASL, and
> > that's something that seems much more complex and nuanced. My concern
> > remains that you've presented a one-size-fits-all approach, and the bulk
> > of the problems you're trying to fix are the same ones that SASL
> > attempts to address.
>
> I don't think that is true at all. SASL authenticates an account,
> whereas ISR authenticates a stream resumption.
>

Are you suggesting that ISR does not perform any authentication?

> > On 5 Jun 2016 18:51, "Florian Schmaus" <flo at geekplace.eu
> > <mailto:flo at geekplace.eu>> wrote:
> >
> >     My dear members of the XMPP Council, Hi everyone else :)
> >
> >     I would like to put the "Instant Stream Resumption (ISR)" XEP
proposal
> >     back on Council's table. If I'm not mistaken, all Council members
said
> >     to vote on list [1] in the meeting (2016-03-16) after I've
re-submitted
> >     a overworked version of ISR, but none did so far.
> >
> >     I'm aware that Dave suggested [2] to fit this into an eventually
> >     upcoming Multi-Step-Mechanism SASL approach [3], but this is all in
the
> >     very early stages. I did not see much traction after [3] and I don't
> >     foresee an first draft of such a specification in the near future.
But
> >     on the other hand, we need ISR now[5]! I told people at FOSDEM 2015
that
> >     this is one major show stopper left for XMPP on mobile, and a
similar
> >     approach to ISR came out of the industry [4]. So there is an urgent
> >     requirement for it.
> >
> >     I also do think that potential SASL changes can and should *not* be
> >     considered a blocker for ISR. There sure will be an upgrade path on
> >     protocol level if Multi-Step-Mechanism SASL becomes a thing.
> >
> >     I hope the XMPP Council also sees the need for ISR. I believe to
have
> >     addressed all security concerns, e.g., ISR offers mutual
authentication
> >     of the endpoints, and it does not replace SASL and therefore does
not
> >     weaken SASL security in any way. So I hereby ask all Council
members to
> >     submit the pending votes.
> >
> >     Of course I hope for +1's. Please ask if there is anything left
unclear.
> >
> >     Thanks.
> >
> >     - Florian
> >
> >
> >     1: http://mail.jabber.org/pipermail/council/2016-March/004091.html
> >     2: http://mail.jabber.org/pipermail/standards/2016-March/030958.html
> >     3: http://mail.jabber.org/pipermail/standards/2016-May/031047.html
> >     4:
http://mail.jabber.org/pipermail/standards/2016-February/030898.html
> >     5: Besides: I'm not convinced (yet) that ISR should be designed
like a
> >     SASL mechanism.
> >
> >
> >     _______________________________________________
> >     Standards mailing list
> >     Info: http://mail.jabber.org/mailman/listinfo/standards
> >     Unsubscribe: Standards-unsubscribe at xmpp.org
> >     <mailto:Standards-unsubscribe at xmpp.org>
> >     _______________________________________________
> >
> >
> >
> > _______________________________________________
> > Standards mailing list
> > Info: http://mail.jabber.org/mailman/listinfo/standards
> > Unsubscribe: Standards-unsubscribe at xmpp.org
> > _______________________________________________
> >
>
>
>
> _______________________________________________
> Standards mailing list
> Info: http://mail.jabber.org/mailman/listinfo/standards
> Unsubscribe: Standards-unsubscribe at xmpp.org
> _______________________________________________
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.jabber.org/pipermail/standards/attachments/20160618/669f4d4a/attachment.html>


More information about the Standards mailing list