[jdev] XMPP "APIs"
Kim Alvefur
zash at zash.se
Fri Jan 25 16:36:07 UTC 2013
Hi!
On 2013-01-13 09:47, Justin Karneges wrote:
> Good point. I think this problem can be mostly solved with TLS and s2s. My
> plan, which I have not yet implemented, is to allow setting a "TLS required"
> flag on any whitelisted JID. The XMPP server itself would not enforce TLS, and
> instead negotiate it opportunistically, but I'd need to hack it to tell my
> server app whether an incoming stanza arrived from a TLS-protected stream or
> not, so that my server app could make the choice of whether to accept or
> reject.
It would be interesting to have some method of knowing if a stanza was
received over a secure connection (by the previous node, ie your
server), as well as a method of saying "only deliver this stanza over a
secure connection". The later can be accomplished by Security
Labels[XEP-0258] and policy enforcement by the server(s), but might be a
bit overkill for simpler deployments.
[XEP-0258]: http://xmpp.org/extensions/xep-0258.html
--
Regards,
Kim "Zash" Alvefur
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 899 bytes
Desc: OpenPGP digital signature
URL: <https://www.jabber.org/jdev/attachments/20130125/57cd1abb/attachment.pgp>
More information about the JDev
mailing list