Jonathan Schleifer wrote:
Peter Saint-Andre <[EMAIL PROTECTED]> wrote:
Not necessarily. There's still SOCKS5 Bytestreams through a proxy, or ICE-TCP. Or you could switch to a different server. If a server admin does something that prevents e2e encryption and their users care about this feature, the users will complain. And even if IBB is blocked we could define yet another even simpler in-band method (even "bits of binary" as defined in XEP-0231). But of course server admins could block that, too. And nothing stops a server admin from blocking ESessions, either!
I should be more specific here: My server only has the bandwidth to transfer small data like text, not BLOBs.
So we could even use XEP-0231, since we'll use that anyway for other purposes (emoticons, in-band images for XHTML, etc.).
Thus I don't want Jingle IBB, because I never want video or files inband. But I want encryption inband! So I'm for having something not using Jingle IBB!
So we define yet another Jingle transport method (for "BoB" / XEP-0231) and advertise that during the negotiation. Jingle is pluggable.
Oh, and it's possible that I only allow connections to the Jabber server for security reasons, so not even a proxy would work.
Is "I" the server admin or the client user?
Both.
In your client you don't disable IBB for everything, you disable it for video and file transfer but not e2e streams.
I'm talking about server-side here.
That's easy for a server admin to block, too.
Yes, but no need to block encryption if you just don't want huge data transferred via IBB. Encrypted text is not huge. But Jingle IBB is usually for larger stuff.
So use BoB:
<message
    from='romeo at montague.net/orchard'
    to='juliet at capulet.com/balcony'
    id='msg1'>
  <body>
    This message is encrypted. If you see this text,
    something went wrong
  </body>
  <data xmlns='urn:xmpp:tmp:bob'
        cid='[EMAIL PROTECTED]'
        max-age='0'
        type='text/plain'>
    qANQR1DBwU4DX7jmYZnncmUQB/9KuKBddzQH+tZ1ZywKK0yHKnq57kWq+RFtQdCJ
    WpdWpR0uQsuJe7+vh3NWn59/gTc5MDlX8dS9p0ovStmNcyLhxVgmqS8ZKhsblVeu
    IpQ0JgavABqibJolc3BKrVtVV1igKiX/N7Pi8RtY1K18toaMDhdEfhBRzO/XB0+P
    AQhYlRjNacGcslkhXqNjK5Va4tuOAPy2n1Q8UUrHbUd0g+xJ9Bm0G0LZXyvCWyKH
    kuNEHFQiLuCY6Iv0myq6iX6tjuHehZlFSh80b5BVV9tNLwNR5Eqz1klxMhoghJOA
  </data>
</message>
All that changes is the namespace, but if it makes you happy we can
define a way to do that.
<message
    from='[EMAIL PROTECTED]/orchard'
    to='[EMAIL PROTECTED]/balcony'
    id='msg1'>
  <body>
    This message is encrypted. If you see this text,
    something went wrong
  </body>
  <data xmlns='http://jabber.org/protocol/ibb'
        sid='mySID'
        seq='0'>
    qANQR1DBwU4DX7jmYZnncmUQB/9KuKBddzQH+tZ1ZywKK0yHKnq57kWq+RFtQdCJ
    WpdWpR0uQsuJe7+vh3NWn59/gTc5MDlX8dS9p0ovStmNcyLhxVgmqS8ZKhsblVeu
    IpQ0JgavABqibJolc3BKrVtVV1igKiX/N7Pi8RtY1K18toaMDhdEfhBRzO/XB0+P
    AQhYlRjNacGcslkhXqNjK5Va4tuOAPy2n1Q8UUrHbUd0g+xJ9Bm0G0LZXyvCWyKH
    kuNEHFQiLuCY6Iv0myq6iX6tjuHehZlFSh80b5BVV9tNLwNR5Eqz1klxMhoghJOA
  </data>
</message>
This is ok with me.
There's nothing special about ESessions in this regard.
Yes, the <body> is something we only added in Gajim.
Last I checked, <body/> is defined in RFC 3921. Nothing special there, but a good implementation note if you're sending this stuff in a <message/> stanza.
/psa
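An added example, not part of the original message and not any server's actual code: a size-based filter of the kind the thread argues for, which admits small in-band <data/> payloads (such as encrypted text) in either the BoB or the IBB namespace and rejects large ones. The 4096-byte limit, the function names and the sample stanzas are assumptions constructed for illustration.

```python
import base64
import xml.etree.ElementTree as ET

# Namespaces as they appear in the two stanzas quoted in the thread.
BOB_NS = "urn:xmpp:tmp:bob"
IBB_NS = "http://jabber.org/protocol/ibb"
MAX_INBAND_BYTES = 4096  # assumed policy limit, not a value from the thread


def inband_payloads(stanza_xml):
    """Return (namespace, decoded_size) for each in-band <data/> child."""
    root = ET.fromstring(stanza_xml)
    found = []
    for child in root:
        if not child.tag.startswith("{"):
            continue  # un-namespaced child such as <body/>
        ns, _, local = child.tag[1:].partition("}")
        if local == "data" and ns in (BOB_NS, IBB_NS):
            b64 = "".join((child.text or "").split())  # drop line wrapping
            found.append((ns, len(base64.b64decode(b64, validate=True))))
    return found


def allow(stanza_xml, limit=MAX_INBAND_BYTES):
    """Policy decision: pass the stanza only if every payload is small."""
    try:
        payloads = inband_payloads(stanza_xml)
    except (ET.ParseError, ValueError):  # malformed XML or invalid base64
        return False
    return all(size <= limit for _, size in payloads)


def sample_message(ns, payload, attrs):
    """Constructed test stanza; addresses and ids are placeholders."""
    b64 = base64.b64encode(payload).decode("ascii")
    return ("<message from='a@example.org/x' to='b@example.net/y' id='msg1'>"
            "<body>This message is encrypted.</body>"
            f"<data xmlns='{ns}' {attrs}>{b64}</data></message>")


if __name__ == "__main__":
    small = b"x" * 300    # roughly the size of an encrypted chat line
    large = b"x" * 8000   # file-transfer sized chunk
    for ns, attrs in ((BOB_NS, "max-age='0' type='text/plain'"),
                      (IBB_NS, "sid='mySID' seq='0'")):
        print(ns, allow(sample_message(ns, small, attrs)),
              allow(sample_message(ns, large, attrs)))
```

The decision depends only on decoded payload size, so swapping the namespace, as the message above proposes, does not change what the filter lets through.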
