6 Sep 2006 23:34
Re: Re: [Simple] "last call" on SIMPLE-XMPP interworking I-D
Peter Saint-Andre <stpeter <at> jabber.org>
2006-09-06 21:34:46 GMT
2006-09-06 21:34:46 GMT
Any further input on draft-saintandre-xmpp-simple-08? http://www.ietf.org/internet-drafts/draft-saintandre-xmpp-simple-08.txt If not, I'll pursue requesting a standards action regarding this I-D. Thanks! Peter Peter Saint-Andre wrote: > My apologies for taking so long to incorporate our consensus. Comments > at the end. > > Dave Cridland wrote: >> On Wed Jul 19 20:48:25 2006, Adam Roach wrote: >>> Dave Cridland wrote: >>>> A traditional "Jabber transport" would allow gatewaying through it >>>> from any Jid. If instead the XMPP/SIMPLE transport only allows >>>> gatewaying through it from its local XMPP domain, then in order to >>>> mount the attack, the attacker has to obtain several thousand >>>> accounts on that server. >>> As far as I can tell, this solves the problem; however, I think it >>> breaks the solution for most deployments as well. I foresee these >>> gateways being deployed primarily by enterprises who are using one >>> system (SIMPLE or XMPP) so that their users can communicate with >>> enterprises using the other. Limiting interworking to local users >>> makes such use impossible. >>> >>>(Continue reading)
RSS Feed