You'll need to read RFC 2831 (Using Digest Authentication as a SASL Mechanism) to (hope to) understand the various bits.

From the IETF:    http://www.ietf.org/rfc/rfc2831.txt
Formatted:           http://rfc-ref.org/RFC-TEXTS/2831/index.html

Good luck...

Adrian Adrian wrote:
By secure connection I mean being able to send and receive xml packets that can't be intercepted and decoded by a third party. So anything that achieves that is good for me. I use the XIFF library for dealing with XMPP (http://www.jivesoftware.org/xiff) It's built for Flash Actionscript 2.0 and it's exactly what I need except it doesn't do TLS+SASL. So let me get this straight:
In order to use TLS + SASL :
I send out a command <starttls bla bla />
Server sends <proceed >
I then start a new stream, select a mechanism (digest md-5),
server sends a challenge (base64 encoded)
I decode that but I don't know what to send back. The specs say I should send this:
username="somenode",realm="somerealm",\
nonce="OA6MG9tEQGm2hh",cnonce="OA6MHXh6VqTrRk",\
nc=00000001,qop=auth,digest-uri="xmpp/example.com",\
response=d388dad90d4bbd760a152321f2143af7,charset=utf-8
What are these : username, realm, nonce, cnonce, nc, qop, digest-uri, response ?
Where do I get them from ?
(Sorry to be dense)

*/Peter Saint-Andre <[EMAIL PROTECTED]>/* wrote:

    Adrian Adrian wrote:
    > Hello,
    > I'm totally new with the xmpp protocol so this question may seem too
    > easy if not plain stupid.
    > I want to communicate with the im (wildfire) server through TLS. So I
    > do what the docs tell me to do :
    > I send this command :
    >
    > And server responds with :
    >
    > Now, if I read the docs correctly, I have to start a new stream and
    > begin SASL negotiation. Is this correct ?
    > If so, more questions will follow :) The digest-md5 is really making my
    > head spin.
    > Isn't there an easier way to establish a secure connection ? (without
    > receiving challenges and stuff)

    Depends on what you mean by secure. :-)

    There is an older, nearly-deprecated method for authentication between
    clients and servers:

    http://www.jabber.org/jeps/jep-0078.html

    In the old days clients could connect on a separate SSL-enabled port
    (usually 5223, though that was never codified).

    But with RFC 3920, it is preferred to upgrade to TLS on port 5222 and
    then use SASL for authentication.

    Are you writing your own library? Why not use one of the existing code
    libraries that already does TLS+SASL?

    Peter

    --
    Peter Saint-Andre
    Jabber Software Foundation
    http://www.jabber.org/people/stpeter.shtml




--
-  LW

"Got JABBER(R)?" <http://www.jabber.org/>
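
Added example, not part of the original thread and not code from XIFF or Wildfire: a Python sketch of where each DIGEST-MD5 field in the question comes from and how `response` is computed under RFC 2831 (qop=auth, no authzid). The function names are hypothetical; the sample inputs are the RFC 2831 section 4 example (user "chris", password "secret"), whose nonce, cnonce and response match the values quoted in the question. For XMPP the digest-uri is "xmpp/" followed by the server domain, as in the quoted "xmpp/example.com".

```python
import base64, hashlib, os, re

def md5(data: bytes) -> bytes:
    return hashlib.md5(data).digest()

def parse_challenge(b64: str) -> dict:
    """Decode the base64 <challenge/> body into its key=value directives."""
    text = base64.b64decode(b64).decode("utf-8")
    pairs = re.findall(r'([\w-]+)=(?:"((?:[^"\\]|\\.)*)"|([^,]*))', text)
    return {key: quoted or bare for key, quoted, bare in pairs}

def digest_response(username, realm, password, nonce, cnonce, nc, digest_uri):
    """response= value per RFC 2831 section 2.1.2.1 (qop=auth, no authzid)."""
    # H(username:realm:password) enters A1 as 16 raw bytes, not as hex.
    secret = md5(f"{username}:{realm}:{password}".encode("utf-8"))
    a1 = secret + f":{nonce}:{cnonce}".encode("utf-8")
    a2 = f"AUTHENTICATE:{digest_uri}".encode("utf-8")
    kd = f"{md5(a1).hex()}:{nonce}:{nc}:{cnonce}:auth:{md5(a2).hex()}"
    return md5(kd.encode("utf-8")).hex()

def build_reply(challenge_b64, username, password, digest_uri, cnonce=None):
    """Return the base64 body of the <response/> element."""
    ch = parse_challenge(challenge_b64)          # realm, nonce, qop: from the server
    if "auth" not in ch.get("qop", "auth").split(","):
        raise ValueError("server does not offer qop=auth")
    realm = ch.get("realm", "")
    cnonce = cnonce or base64.b64encode(os.urandom(16)).decode()  # client-chosen random
    nc = "00000001"                              # first use of this nonce
    resp = digest_response(username, realm, password, ch["nonce"], cnonce, nc, digest_uri)
    reply = (f'username="{username}",realm="{realm}",nonce="{ch["nonce"]}",'
             f'cnonce="{cnonce}",nc={nc},qop=auth,digest-uri="{digest_uri}",'
             f'response={resp},charset=utf-8')
    return base64.b64encode(reply.encode("utf-8")).decode()

# Constructed sample: the server challenge from the RFC 2831 section 4 example.
SAMPLE_CHALLENGE = base64.b64encode(
    b'realm="elwood.innosoft.com",nonce="OA6MG9tEQGm2hh",qop="auth",'
    b'algorithm=md5-sess,charset=utf-8').decode()

if __name__ == "__main__":
    # RFC 2831 section 4 inputs: user "chris", password "secret", IMAP service.
    body = build_reply(SAMPLE_CHALLENGE, "chris", "secret",
                       "imap/elwood.innosoft.com", cnonce="OA6MHXh6VqTrRk")
    print(base64.b64decode(body).decode())
```

RFC 6331 has since moved DIGEST-MD5 to Historic status, so treat this as a guide to reading the exchange; the TLS layer negotiated first is what protects the stream from interception.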
