On 8/16/11 1:15 AM, Waqas Hussain wrote: > 2011/8/16 Jehan Pagès <[email protected]>: >> Hi, >> >> so I have just implemented something with XEP-0114 (client side) and I >> have a few questions. >> >> (1) In my case, the component was locale. And I imagine that's quite >> the most common case. But that's definitely not an obligation >> (especially as we could imagine "component service providers"). Hence >> TLS encryption should be possible. >> >> Maybe it is, but XEP-0114, definitely tells nothing about it. It looks >> like the way-to-do is connecting and directly handshake in plain text. >> Maybe a <features/> logics would be nice. It would allow TLS, compression, >> etc. >> This could be added in the same time we pass to an SASL authentication >> for component. > > Correct. We have been aware of these issues for some time. That's why > XEP-0225: Component Connections exists. > > XEP-0225 is the way forward. However, there aren't many > implementations. I suspect the reason is that XEP-0114 is good enough > for most. Most component deployments are on the same machine as the > XMPP server, and using TLS or compression in that case is rather > pointless. > > We plan to add support for this to Prosody soon. It can enable all > sorts of interesting features not currently available to components.
I'm happy to hear that Prosody will be implementing XEP-0225. I agree that it's the way forward. It would be great if the Prosody team could provide some implementation feedback. Note also that XEP-0225 is in the Deferred state. It'd be great to "undefer" it and move it toward Draft. Peter -- Peter Saint-Andre https://stpeter.im/
