[jdev] Jabberd2, Flash Client and FOCUS

dlb civintel at comcast.net
Mon Apr 12 11:56:52 CDT 2004


Flash doesn't support either of these natively anyway, it relies on the
browser's HTTP and encryption facilities. There's no way to encrypt the
XMLSocket session. You'd have to embed the Flash OCX in a secured wrapper,
and if you've gone that far you may as well fix the null byte problem. So on
balance it's no loss.

I'll have to review the JEPs.
I'd imagine that p2p based schemes could be affected.



----- Original Message -----
From: "Peter Saint-Andre" <stpeter at jabber.org>
To: "Jabber software development list" <jdev at jabber.org>
Sent: Monday, April 12, 2004 12:19 PM
Subject: Re: [jdev] Jabberd2, Flash Client and FOCUS


> On Mon, Apr 12, 2004 at 10:12:10AM -0600, Matthew A. Miller wrote:
> > What will most likely break are in the stream initialization stages,
> > especially SASL and TLS.  The current version of HTTP-Binding does not
> > completely address all of the SASL issues (specifically those regarding
> > SASL mechanisms with security layers), and specifically disallows
> > "inband" TLS (since HTTP has its own mechanisms for dealing with
> > SSL/TLS).  Otherwise, everything else should be good to go.
>
> Disallowing inband TLS in JEP-0124 resulted from a desire to respect
> proper protocol layering. Since HTTP does TLS/SSL, that seemed like the
> right layer for channel encryption. Changing "MUST NOT" to "SHOULD NOT"
> (or simply encouraging use of TLS at the HTTP layer) might be OK with
> me, I'd have to think about it some more (the primary authors of this
> spec were originally DizzyD and now mostly Ian Paterson so I'd like to
> hear what they think).
>
> > I believe the authors of HTTP-Binding are releasing a new revision
> > soon.  I would recommend communicating with them, and working out
> > whatever additional issues need to be solved.  It may be they've already
> > done so, since these issues are not necessarily unique to Flash.
>
> Ian is working on a new version, which should be out soon.
>
> Peter