On 02/11/2009 09:13 AM, Alexander Gnauck wrote: >> 2. Consensus that the current secure="true" flag on the BOSH <body/> >> element is useless. Jack Moffitt recommended removing this and adding a >> security consideration about what the BOSH connection manager should >> accept and not accept from the XMPP server. He and I will work on text. > > I was at the Operators group while you discussed BOSH. > Could somebody elaborate why the secure flag is useless? > Is only the attribute useless or the complete key stuff we use for security > now when we are not on https.
Only the attribute is useless. To be short: when it is set to true, we rely fully on trusting the CM that the connection from the CM to the XMPP server indeed is secured. We have no way of verifying that. It is better not to put this trust in the CM and always assume an insecure channel. So the flag should better be set to false (or to "the CM is lying"). Winfried -- http://www.tilanus.com xmpp:[email protected] tel. 015-3613996 / 06-23303960 fax. 015-3614406
