On Fri, Apr 4, 2008 at 7:55 PM, Fabio Forno <[EMAIL PROTECTED]> wrote: > (You should just be careful to reply attacks, if the connection is > encrypted there aren't problems, otherwise it should be better to ask > a challenge to the gateway before)
Drat I forgot about those. Yea, security is hard, doing some sort of standard challenge response would be the best here. What about some sort of xep-0206 like protocol, but instead of XMPP over BOSH, you could do XMPP over XMPP. (Instead of posting the <body/> via http like in xep-0124, you could send it as the body of an xmpp message to the gateway. -- - Norman Rasmussen - Email: [EMAIL PROTECTED] - Home page: http://norman.rasmussen.co.za/
