[jdev] tls negotiation over. Then what ?
Matthew A. Miller
linuxwolf at outer-planes.net
Sat Mar 18 07:26:27 CST 2006
You'll need to read RFC 2831 (Using Digest Authentication as a SASL
Mechanism) to (hope to) understand the various bits.
From the IETF: http://www.ietf.org/rfc/rfc2831.txt
Formatted: http://rfc-ref.org/RFC-TEXTS/2831/index.html
Good luck...
Adrian Adrian wrote:
> By secure connection I mean being able to send and receive xml packets
> that can't be intercepted and decoded by a third party. So anything
> that achieves that is good for me.
>
> I use the XIFF library for dealing with XMPP
> (http://www.jivesoftware.org/xiff)
> It's built for Flash Actionscript 2.0 and it's exactly what I need
> except it doesn't do TLS+SASL.
>
> So let me get this straight:
> In order to use TLS + SASL :
> I send out a command <starttls bla bla />
> Server sends <proceed >
> I then start a new stream, select a mechanism (digest md-5),
> server sends a challenge (base64 encoded)
>
> I decode that but I don't know what to send back. The specs say I
> should send this :
>
> username="somenode",realm="somerealm",\
> nonce="OA6MG9tEQGm2hh",cnonce="OA6MHXh6VqTrRk",\
> nc=00000001,qop=auth,digest-uri="xmpp/example.com",\
> response=d388dad90d4bbd760a152321f2143af7,charset=utf-8
> What are these : username, realm, nonce, cnonce, nc, qop, digest-uri,
> response ?
> Where do I get them from ?
>
> (Sorry to be dense)
>
> */Peter Saint-Andre <stpeter at jabber.org>/* wrote:
>
>
> Adrian Adrian wrote:
> > Hello,
> > I'm totally new with the xmpp protocol so this questions may
> seem too
> > easy if not plain stupid.
> > I want to communicate with the im (wildfire) server through
> TLS. So I
> > do what the docs tell me to do :
> > I send this command :
> >
> > And server responds with :
> >
> > Now, if I read the docs correctly, I have to start a new stream and
> > begin SASL negotiation. Is this correct ?
> > If so, more questions will follow :) The digest-md5 is really
> making my
> > head spin.
> > Isn't there an easier way to establish a secure connection ?
> (without
> > receiving challenges and stuff)
>
> Depends on what you mean by secure. :-)
>
> There is an older, nearly-deprecated method for authentication between
> clients and servers:
>
> http://www.jabber.org/jeps/jep-0078.html
>
> In the old days clients could connect on a separate SSL-enabled port
> (usually 5223, though that was never codified).
>
> But with RFC 3920, it is preferred to upgrade to TLS on port 5222 and
> then use SASL for authentication.
>
> Are you writing your own library? Why not use one of the existing code
> libraries that already does TLS+SASL?
>
> Peter
>
> - --
> Peter Saint-Andre
> Jabber Software Foundation
> http://www.jabber.org/people/stpeter.shtml
>
--
- LW
"Got JABBER(R)?" <http://www.jabber.org/>
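
Added example, not part of the original thread and not XIFF code: a Python sketch of where each field in the quoted response comes from and how RFC 2831 derives `response` for qop=auth. The function names are hypothetical; the check values are the IMAP example from RFC 2831 section 4 (user "chris", password "secret"), whose nonce, cnonce and response are the ones quoted above.

```python
import base64, hashlib, re, secrets

def md5(data):
    return hashlib.md5(data).digest()

def enc(s):
    # RFC 2831 2.1.2.1: hash as ISO 8859-1 when every character fits, else UTF-8
    try:
        return s.encode("latin-1")
    except UnicodeEncodeError:
        return s.encode("utf-8")

def parse_challenge(b64):
    """Decode the base64 body of <challenge/> into a dict of directives."""
    text = base64.b64decode(b64).decode("utf-8")
    pairs = re.findall(r'([\w-]+)=(?:"((?:[^"\\]|\\.)*)"|([^,]*))', text)
    return {k: (q if q else v) for k, q, v in pairs}

def digest(username, realm, password, nonce, cnonce, nc, qop, digest_uri,
           a2_prefix="AUTHENTICATE"):
    """response = HEX(H(HEX(H(A1)) : nonce : nc : cnonce : qop : HEX(H(A2))))"""
    # A1 starts with the *raw* 16-byte hash of user:realm:password
    a1 = md5(enc(username) + b":" + enc(realm) + b":" + enc(password))
    a1 += f":{nonce}:{cnonce}".encode()
    # a2_prefix="" yields the A2 the server uses for its rspauth value
    a2 = f"{a2_prefix}:{digest_uri}".encode()
    kd = f"{md5(a1).hex()}:{nonce}:{nc}:{cnonce}:{qop}:{md5(a2).hex()}"
    return hashlib.md5(kd.encode()).hexdigest()

def build_response(challenge_b64, username, password, host, cnonce=None):
    """Return the base64 text to put inside <response/>."""
    ch = parse_challenge(challenge_b64)
    nonce = ch["nonce"]                       # server-chosen, copied back as-is
    realm = ch.get("realm", "")               # server-offered; "" if none (assumption)
    cnonce = cnonce or secrets.token_hex(16)  # client-chosen random value
    nc = "00000001"                           # count of uses of this nonce, 8 hex digits
    uri = "xmpp/" + host                      # serv-type "/" host
    resp = digest(username, realm, password, nonce, cnonce, nc, "auth", uri)
    fields = (f'username="{username}",realm="{realm}",nonce="{nonce}",'
              f'cnonce="{cnonce}",nc={nc},qop=auth,digest-uri="{uri}",'
              f'response={resp},charset=utf-8')
    return base64.b64encode(fields.encode("utf-8")).decode("ascii")
```

The server's final challenge carries `rspauth`, which the client verifies with `digest(..., a2_prefix="")` to confirm the server also knows the password.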