[jdev] Jabberd2, Flash Client and FOCUS
Peter Saint-Andre
stpeter at jabber.org
Mon Apr 12 11:19:19 CDT 2004
On Mon, Apr 12, 2004 at 10:12:10AM -0600, Matthew A. Miller wrote:
> What will most likely break are in the stream initialization stages,
> especially SASL and TLS. The current version of HTTP-Binding does not
> completely address all of the SASL issues (specifically those regarding
> SASL mechanisms with security layers), and specifically disallows
> "inband" TLS (since HTTP has its own mechanisms for dealing with
> SSl/TLS). Otherwise, everything else should be good to go.
Disallowing inband TLS in JEP-0124 resulted from a desire to respect
proper protocol layering. Since HTTP does TLS/SSL, that seemed like the
right layer for channel encryption. Changing "MUST NOT" to "SHOULD NOT"
(or simply encouraging use of TLS at the HTTP layer) might be OK with
me, I'd have to think about it some more (the primary authors of this
spec were originally DizzyD and now mostly Ian Paterson so I'd like to
hear what they think).
> I believe the authors of HTTP-Binding are releasing a new revision
> soon. I would recommend communicating with them, and working out
> whatever additional issues need to be solved. It may be they've already
> done so, since these issues are not necessarily unique to Flash.
Ian is working on a new version, which should be out soon.
Peter
More information about the JDev
mailing list