Jonathan Schleifer wrote: > We had proposals for end-to-end encryption using TLS here. It was > suggested to use a stream in a stream using Jingle inbound. These > stream will be encapsulated in the stream using <message>s or <iq>s > then. And I think we should go for <message>s, but also include a > <body> that states that this is part of an encrypted session.
There is no statement in the XEP that the stream in inband. The clients can use SOCKS5 or a direct connection for the private stream. I do not see were you want to put the body in that case. > It was argued that the message may never get to the wrong resource > when I mentioned that problem, but the example posted before states > the opposite, that it indeed DOES happen in the real world. If you use IQ stanzas for e2e streams they should never reach the wrong resource. If they do, it is a bug in the server. And even if they do, the receiver should rehect that IBB stanza (unknown sid) and the sender knows that the e2e stream is broken. Dirk -- /* Nobody will ever see this message :-) */ panic("Cannot initialize video hardware\n"); 2.0.38 /usr/src/linux/arch/m68k/atari/atafb.c