[jdev] Scope of current RFC3920 SASL implementation
Dirk Meyer
dmeyer at tzi.de
Sun Jan 25 12:30:39 CST 2009
Richard Smith wrote:
> Dirk Meyer wrote:
>> Thinking of web services connected over XMPP, this sounds useful. Maybe
>> we can define some sort of SASL in IQ stanzas. But this will be an
>> insecure connection. Maybe you want to use E2E security in this use
>> case.
>
> E2E secures the transport... SASL in IQ stanzas would authenticate the
> user... This is my thinking at least...
Yes, but if we need authentication to make the transport secure, we need
to know that there is no man-in-the-middle. I guess TLS-SRP would work
perfect for you: the user provides a password with SRP and the peer
provides a certificate the user can check. Based on that the channel
will be secure.
If you only do SASL, you can not be sure that someone changes the data
after the SASL authentication. Maybe you don't need to if you trust the
XMPP servers involved.
Dirk
--
panic("kmem_cache_init(): Offsets are wrong - I've been messed with!");
2.2.16 /usr/src/linux/mm/slab.c
More information about the JDev
mailing list