Flash doesn't support either of these natively anyway, it relies on the browser's http and encryption facilities. There's no way to encrypt the XMLSocket session. You'd have to embed the Flash OCX in a secured wrapper, and if you've gone that far you may as well fix the null byte problem. So on balance it's no loss.
I'll have to review the JEPs. I'd imagine that p2p based schemes could be affected. ----- Original Message ----- From: "Peter Saint-Andre" <[EMAIL PROTECTED]> To: "Jabber software development list" <[EMAIL PROTECTED]> Sent: Monday, April 12, 2004 12:19 PM Subject: Re: [jdev] Jabberd2, Flash Client and FOCUS > On Mon, Apr 12, 2004 at 10:12:10AM -0600, Matthew A. Miller wrote: > > What will most likely break are in the stream initialization stages, > > especially SASL and TLS. The current version of HTTP-Binding does not > > completely address all of the SASL issues (specifically those regarding > > SASL mechanisms with security layers), and specifically disallows > > "inband" TLS (since HTTP has its own mechanisms for dealing with > > SSl/TLS). Otherwise, everything else should be good to go. > > Disallowing inband TLS in JEP-0124 resulted from a desire to respect > proper protocol layering. Since HTTP does TLS/SSL, that seemed like the > right layer for channel encryption. Changing "MUST NOT" to "SHOULD NOT" > (or simply encouraging use of TLS at the HTTP layer) might be OK with > me, I'd have to think about it some more (the primary authors of this > spec were originally DizzyD and now mostly Ian Paterson so I'd like to > hear what they think). > > > I believe the authors of HTTP-Binding are releasing a new revision > > soon. I would recommend communicating with them, and working out > > whatever additional issues need to be solved. It may be they've already > > done so, since these issues are not necessarily unique to Flash. > > Ian is working on a new version, which should be out soon. > > Peter > > _______________________________________________ > jdev mailing list > [EMAIL PROTECTED] > https://jabberstudio.org/mailman/listinfo/jdev _______________________________________________ jdev mailing list [EMAIL PROTECTED] https://jabberstudio.org/mailman/listinfo/jdev
