[Standards] XEP-0198 and SASL-Anonymous

2013-01-25 Thread Winfried Tilanus
Hi,

And now we are talking about XEP-0198, I think the security
considerations should take some more situations into account for the
session hijacking protection. When properly and securely authenticated,
the authentication is enough protection against session hijacking. But
when using SASL-Anonymous, the session id MUST be unpredictable AND the
session MUST be encrypted, otherwise the session can be hijacked. Think
it would be better to add that to the spec.

Winfried


Re: [Standards] XEP-0198 and SASL-Anonymous

2013-01-25 Thread Matt Miller

On Jan 25, 2013, at 7:08 AM, Winfried Tilanus winfr...@tilanus.com wrote:

> Hi,
> 
> And now we are talking about XEP-0198, I think the security
> considerations should take some more situations into account for the
> session hijacking protection. When properly and securely authenticated,
> the authentication is enough protection against session hijacking. But
> when using SASL-Anonymous, the session id MUST be unpredictable AND the
> session MUST be encrypted, otherwise the session can be hijacked. Think
> it would be better to add that to the spec.
> 

Those are good points, although transport encryption is only as trusted as the 
certificate in use (think of all the times we have clicked "I understand the 
risks"...).

I think it should also be valid for the server to prohibit stream management 
resumption if using SASL ANONYMOUS.


- mm

Matthew A. Miller
 http://goo.gl/LK55L 
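As an added illustration (not code from this thread, nor from any XMPP server), a minimal Python model of the server-side policy the two messages describe: the XEP-0198 resumption id comes from a CSPRNG, and a SASL ANONYMOUS stream either gets no resumption id at all or only when the stream is encrypted. The Session and StreamManager names and the allow_anonymous_resume switch are hypothetical.

```python
import secrets
from dataclasses import dataclass
from typing import Dict, Optional


@dataclass
class Session:
    jid: str
    mechanism: str    # SASL mechanism used: "SCRAM-SHA-1", "PLAIN", "ANONYMOUS", ...
    encrypted: bool   # True when the stream is protected by TLS


class StreamManager:
    """Hypothetical server-side XEP-0198 resumption policy (illustration only)."""

    def __init__(self, allow_anonymous_resume: bool = False):
        # Matt's suggestion: a server may simply refuse resumption for ANONYMOUS.
        self.allow_anonymous_resume = allow_anonymous_resume
        self._by_id: Dict[str, Session] = {}

    def enable(self, session: Session) -> Optional[str]:
        """Handle <enable resume='true'/>; return the resumption id, or None if refused."""
        if session.mechanism == "ANONYMOUS":
            # No credential backs an anonymous stream: the id is the only secret,
            # so it is issued only over an encrypted stream, and only if allowed.
            if not self.allow_anonymous_resume or not session.encrypted:
                return None
        sm_id = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG, not a counter
        self._by_id[sm_id] = session
        return sm_id

    def resume(self, previd: str, encrypted: bool) -> Optional[Session]:
        """Handle <resume previd='...'/>; return the session, or None if refused."""
        session = self._by_id.get(previd)
        if session is None:
            return None  # unknown or guessed id
        if session.mechanism == "ANONYMOUS" and not encrypted:
            # Never carry an anonymous session onto a plaintext stream.
            return None
        return session
```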


