Hi,
On Aug 25, 2008, at 10:48 AM, Dirk Meyer wrote:
Jonathan Schleifer wrote:
On 24.08.2008 at 20:59, Dirk Meyer wrote:
You could put the stuff I added as <offer> to the disco stuff. But it
must also work serverless. And when I work link-local I can not use
disco#query before connecting.
For link-local, we can just try. But opening a direct connection and
then trying STARTTLS and failing - that'd be stupid. So therefore, we
should check before opening a connection when we're not link-local.
Looking at XEP-0030 I see nothing that fits. But if we use the rule
that a client ignores a tag if it does not know the namespace and that
you can add a tag everywhere, I see two choices.
The first one is to add the offer directly in disco#query:
<iq type='result'
    from='[EMAIL PROTECTED]'
    to='[EMAIL PROTECTED]/balcony'
    id='info3'>
  <query xmlns='http://jabber.org/protocol/disco#info'>
    <identity .../>
    <feature var='http://jabber.org/protocol/disco#info'/>
    ...
    <feature var='urn:xmpp:tmp:tlsauth'>
      <offer xmlns='urn:xmpp:tmp:tlsauth'>
        <x509 fingerprint='certificate-fingerprint'/>
        <openpgp fingerprint='openpgp-fingerprint'/>
        <srp/>
      </offer>
    </feature>
Why not use:
<feature var='urn:xmpp:tmp:tlsauth' />
<feature var='urn:xmpp:tmp:tlsauth:x509cert' />
<feature var='urn:xmpp:tmp:tlsauth:pgpcert' />
<feature var='urn:xmpp:tmp:tlsauth:srp' />
to announce support, and then pick your preferred protocol to get the
signatures via PubSub. A fallback mechanism like a basic IQ-get or
your own proposal to use disco#items could also be interesting. It
would get us over the servers who do not offer pubsub, like GTalk for
example.
Placing the signatures in the IQ-Disco itself would jeopardize the
latest advancements in Capabilities caching, and that is a bigger loss
than the overhead of fetching the signatures as a second step in the
protocol.
Best regards,
--
Pedro Melo
Blog: http://www.simplicidade.org/notes/
XMPP ID: [EMAIL PROTECTED]
Use XMPP!
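
Added example, not part of the original message or of any XMPP implementation: one reading of the caching concern above, assuming caching works as in XEP-0115 Entity Capabilities, where a receiver keys cached disco#info results on a hash of identities and feature vars only. The JIDs, fingerprints, client name and the CapsCache class are constructed for illustration.

```python
import base64
import hashlib

def caps_ver(identities, features):
    # XEP-0115 verification string: sorted identities, then sorted feature
    # vars, each terminated by '<'; SHA-1, then base64.
    s = "".join(f"{c}/{t}/{l}/{n}<" for c, t, l, n in sorted(identities))
    s += "".join(f"{v}<" for v in sorted(set(features)))
    return base64.b64encode(hashlib.sha1(s.encode("utf-8")).digest()).decode()

class CapsCache:
    # Receiver side (hypothetical): one disco#info fetch per ver, reused for every JID.
    def __init__(self):
        self.by_ver, self.fetches = {}, 0

    def lookup(self, ver, fetch):
        if ver not in self.by_ver:
            self.fetches += 1
            self.by_ver[ver] = fetch()
        return self.by_ver[ver]

# Constructed sample data: two users running the same client build.
IDENT = [("client", "pc", "", "ExampleClient 1.0")]
FEATURES = ["http://jabber.org/protocol/disco#info",
            "urn:xmpp:tmp:tlsauth", "urn:xmpp:tmp:tlsauth:x509cert"]
FINGERPRINTS = {"alice@example.org/a": "AA:AA:AA", "bob@example.org/b": "BB:BB:BB"}

def embedded_in_disco():
    # Fingerprint travels inside the disco#info result, which is cached by ver.
    cache, seen = CapsCache(), {}
    for jid, fp in FINGERPRINTS.items():
        ver = caps_ver(IDENT, FEATURES[:2])  # the fingerprint is not a hash input
        info = cache.lookup(ver, lambda fp=fp: {"features": FEATURES[:2], "x509": fp})
        seen[jid] = info["x509"]  # second JID gets the first JID's cached value
    return seen, cache.fetches

def fetched_in_second_step():
    # disco#info only announces support; the fingerprint is fetched per JID.
    cache, seen = CapsCache(), {}
    for jid in FINGERPRINTS:
        info = cache.lookup(caps_ver(IDENT, FEATURES), lambda: {"features": FEATURES})
        if "urn:xmpp:tmp:tlsauth:x509cert" in info["features"]:
            seen[jid] = FINGERPRINTS[jid]  # stands in for the PubSub / IQ-get step
    return seen, cache.fetches
```

With per-user data embedded, a receiver either has to stop sharing cache entries between users or risks binding the wrong fingerprint to a JID; with feature vars only, the cache entry stays shared and the fingerprint lookup stays per JID.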