On Wed Feb 11 08:13:31 2009, Alexander Gnauck wrote:
> 2. Consensus that the current secure="true" flag on the BOSH <body/>
> element is useless. Jack Moffitt recommended removing this and adding a
> security consideration about what the BOSH connection manager should
> accept and not accept from the XMPP server. He and I will work on text.

I was at the Operators group while you discussed BOSH.
Could somebody elaborate why the secure flag is useless?
Is only the attribute useless or the complete key stuff we use for security
now when we are not on https?

Jack mentioned it in the main session, I think, too.
Situation is that I can run up a BOSH server which is not
server-specific, and then a BOSH client cannot verify what has been
tested in terms of the BOSH C2S connection and what's been ignored -
in particular, a BOSH client cannot authenticate the XMPP server via
TLS, only the BOSH server.
It's not that the attribute is useless, it's more that the attribute
says very little, and implies a lot of trust, as I understood things.
Personally, I think it's useful by its absence - the lack of the flag
indicates that the BOSH server couldn't set up an authenticated TLS
session, which is almost certainly a bad thing. The presence of it
doesn't mean that it could, just that it's not actively complaining
about it.
Dave.
--
Dave Cridland - mailto:[email protected] - xmpp:[email protected]
- acap://acap.dave.cridland.net/byowner/user/dwd/bookmarks/
- http://dave.cridland.net/
Infotrope Polymer - ACAP, IMAP, ESMTP, and Lemonade
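
What a client can conclude from the flag, following the reply above, written as an added example (it is not part of the thread or of any BOSH implementation). It assumes the XEP-0124 `<body/>` namespace and the values "true"/"1" for `secure`; the function name, the verdict labels, the `cm.example` URLs and the sample responses are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

BOSH_NS = "http://jabber.org/protocol/httpbind"  # XEP-0124 <body/> namespace


def assess_secure_flag(bosh_url, response_xml):
    """Classify what a client may conclude from a session creation response.

    The verdict labels are made up for this example. None of them is
    "verified": the client only ever authenticates the connection manager,
    never the XMPP server behind it.
    """
    body = ET.fromstring(response_xml)
    if body.tag != "{%s}body" % BOSH_NS:
        raise ValueError("not a BOSH <body/> element")

    # Hop 1 (client to connection manager): the only hop the client can check.
    hop1_tls = urlsplit(bosh_url).scheme.lower() == "https"
    # Hop 2 (connection manager to XMPP server): known only through the flag.
    claimed = body.get("secure") in ("true", "1")

    if not claimed:
        # Absence is the informative case: the connection manager is not
        # even claiming a secure second hop.
        return "no-claim"
    if not hop1_tls:
        # Over plain HTTP the attribute itself can be altered in transit.
        return "claim-unprotected"
    # Best case: an authenticated connection manager asserts the flag, and
    # the client still has to take its word for it.
    return "claim-unverifiable"


# Constructed sample responses (not captured traffic).
WITH_FLAG = ("<body xmlns='http://jabber.org/protocol/httpbind' "
             "sid='constructed-sid' wait='60' secure='true'/>")
WITHOUT_FLAG = ("<body xmlns='http://jabber.org/protocol/httpbind' "
                "sid='constructed-sid' wait='60'/>")

if __name__ == "__main__":
    for url, xml in [("https://cm.example/http-bind", WITH_FLAG),
                     ("https://cm.example/http-bind", WITHOUT_FLAG),
                     ("http://cm.example/http-bind", WITH_FLAG)]:
        print(url, "->", assess_secure_flag(url, xml))
```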