On 2/11/09 6:00 AM, Dave Cridland wrote:
> On Wed Feb 11 08:13:31 2009, Alexander Gnauck wrote:
>> > 2. Consensus that the current secure="true" flag on the BOSH <body/>
>> > element is useless. Jack Moffitt recommended removing this and adding a
>> > security consideration about what the BOSH connection manager should
>> > accept and not accept from the XMPP server. He and I will work on text.
>>
>> I was at the Operators group while you discussed BOSH.
>> Could somebody elaborate why the secure flag is useless?
>> Is only the attribute useless or the complete key stuff we use for security
>> now when we are not on https.
>
> Jack mentioned it in the main session, I think, too.
>
> Situation is that I can run up a BOSH server which is not
> server-specific, and then a BOSH client cannot verify what has been
> tested in terms of the BOSH C2S connection and what's been ignored - in
> particular, a BOSH client cannot authenticate the XMPP server via TLS,
> only the BOSH server.
>
> It's not that the attribute is useless, it's more that the attribute
> says very little, and implies a lot of trust, as I understood things.
>
> Personally, I think it's useful by its absence - the lack of the flag
> indicates that the BOSH server couldn't setup an authenticated TLS
> session, which is almost certainly a bad thing. The presence of it
> doesn't mean that it could, just that it's not actively complaining
> about it.

So are you suggesting that we keep the flag or that we remove it and just assume that the connection is probably not "secure"?

I sent some proposed text to the list but have not yet received any feedback on it. I repeat it here:

***

19.2 Connection Between BOSH Service and Application

A BOSH service SHOULD encrypt its connection to the backend application using appropriate technologies such as Secure Sockets Layer (SSL), Transport Layer Security (TLS), and StartTLS if supported by the backend application. Alternatively, the BOSH service can be considered secure (1) if it is running on the same physical machine as the backend application or (2) if it is running on the same private network as the backend application and the administrators are sure that unknown individuals or processes do not have access to that private network. Because there is no way for the client to be sure that the BOSH service encrypts its connection to the application, it is RECOMMENDED for the client to encrypt its messages using an application-specific end-to-end encryption technology; methods for doing so are outside the scope of this specification.

***

Peter

--
Peter Saint-Andre
https://stpeter.im/
