Hi!

On 2013-01-13 09:47, Justin Karneges wrote:
> Good point. I think this problem can be mostly solved with TLS and s2s. My
> plan, which I have not yet implemented, is to allow setting a "TLS required"
> flag on any whitelisted JID. The XMPP server itself would not enforce TLS, and
> instead negotiate it opportunistically, but I'd need to hack it to tell my
> server app whether an incoming stanza arrived from a TLS-protected stream or
> not, so that my server app could make the choice of whether to accept or
> reject.

It would be interesting to have some method of knowing if a stanza was
received over a secure connection (by the previous node, i.e. your server), as
well as a method of saying "only deliver this stanza over a secure
connection". The latter can be accomplished by Security Labels[XEP-0258] and
policy enforcement by the server(s), but might be a bit overkill for simpler
deployments.

[XEP-0258]: http://xmpp.org/extensions/xep-0258.html

--
Regards,
Kim "Zash" Alvefur
_______________________________________________
JDev mailing list
Info: http://mail.jabber.org/mailman/listinfo/jdev
Unsubscribe: [email protected]
_______________________________________________
