[jdev] Alternate MUC Authentication Mechanisms
Dave Cridland
dave at cridland.net
Thu Oct 21 15:00:34 CST 2010
On Thu Oct 21 20:08:42 2010, Alex Milowski wrote:
> Most simply, I want to be able to use something like DIGEST
> authentication to keep the shared secret from being exposed. I
> think
> that is a simple request that is fairly straightforward to
> accomodate.
> A simple hash scheme doesn't protect against replay attacks and so
> we do need the challenge in the mix somehow.
Who are you assuming, in this threat model, is doing the replay?
I think that's the core question that needs answering.
Dave.
--
Dave Cridland - mailto:dave at cridland.net - xmpp:dwd at dave.cridland.net
- acap://acap.dave.cridland.net/byowner/user/dwd/bookmarks/
- http://dave.cridland.net/
Infotrope Polymer - ACAP, IMAP, ESMTP, and Lemonade
More information about the JDev
mailing list