-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 8/18/09 11:41 AM, Tobias Markmann wrote:
> Howdy,
>
> First of all I wonder what's the reason to allow stream compression only
> after SASL and before binding. XEP-0170 [1] says it's that way to
> prevent certain denial of service attacks but doesn't clarify it any
> further. So I'm asking myself what kind of attacks those are, because
> some clients and servers which implemented stream compression before
> XEP-0170 existed do compression only before SASL.
>
> Secondly, XEP-0138 [2] says,
>
>     Because negotiation of stream compression should not be completed
>     after application of any encryption layers and because SASL
>     negotiation (see RFC 3920) may involve application of an encryption
>     layer, stream compression SHOULD be negotiated after SASL
>     negotiation. For detailed recommendations regarding the order of
>     stream feature negotiation, refer to Recommended Order of Stream
>     Feature Negotiation [4].
>
> in its Business Rules section. The first sentence contradicts the second
> one. The first disallows the use of stream compression when an
> encryption layer is present; however the second, forwarding to XEP-0170,
> precisely describes when to allow stream compression even after TLS has
> been negotiated.
>
> [1] http://xmpp.org/extensions/xep-0170.html#c2s-compress
> [2] http://xmpp.org/extensions/xep-0138.html#bizrules
I've clarified these matters a bit:

http://svn.xmpp.org:18080/browse/XMPP/trunk/extensions/xep-0170.xml?r2=3390&r1=461
http://svn.xmpp.org:18080/browse/XMPP/trunk/extensions/xep-0138.xml?r2=3391&r1=3295

/psa

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAkqmv78ACgkQNL8k5A2w/vyXHgCglj/WsQgT339vuczafMOtrOuh
Rq4AoJdbjyL1lBuItHk76LobV9euBHlp
=iYez
-----END PGP SIGNATURE-----
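The ordering the thread is about (TLS, then SASL, then optional stream compression, then resource binding, as XEP-0170 recommends for c2s streams) is easy to express as a small policy check. The following is an added example written for this page; it is not code from the thread, the XSF or any XMPP server. It shows two sides of the rule: which features a server following that order would advertise at each stage, and a validator that flags a completed negotiation sequence that put compression before SASL (the pre-XEP-0170 behaviour Tobias mentions) or after binding. The stage names, the `feature=... result=...` log format and the sample sessions are constructed for the example.

```python
"""Check XMPP c2s stream-feature negotiation order against the XEP-0170
recommendation: STARTTLS, then SASL, then optional stream compression
(XEP-0138), then resource binding.

Added example for this thread, not XSF or server code. The stage names,
the log line format and the sample sessions below are constructed.
"""
import re

# Negotiation stages in the order XEP-0170 recommends for c2s streams.
STAGES = ("starttls", "sasl", "compress", "bind")
RANK = {name: i for i, name in enumerate(STAGES)}

# Constructed log format: '... feature=<name> result=ok|fail'.
LOG_RE = re.compile(r"feature=(\w+)\s+result=(ok|fail)")


def offered_features(completed):
    """Features a server following XEP-0170 would advertise, given the
    stages already completed on this stream (assumption: the server
    requires TLS before SASL and offers compression only after SASL)."""
    done = set(completed)
    if "starttls" not in done:
        return {"starttls"}
    if "sasl" not in done:
        return {"sasl"}
    if "bind" in done:
        return set()  # stream fully established, nothing left to offer
    # Compression is offered only after authentication, and only once.
    return {"bind"} if "compress" in done else {"compress", "bind"}


def check_order(events):
    """Return a list of (position, feature, problem) tuples for a
    sequence of successfully negotiated features; [] means the order
    matches the XEP-0170 recommendation."""
    problems = []
    seen = set()
    for pos, ev in enumerate(events):
        if ev not in RANK:
            problems.append((pos, ev, "unknown stream feature"))
            continue
        if ev in seen:
            problems.append((pos, ev, "negotiated twice on one stream"))
        # Stages already completed that XEP-0170 places after this one.
        later = [s for s in seen if RANK[s] > RANK[ev]]
        if ev == "compress" and "sasl" not in seen:
            # The case XEP-0170 rules out: the server would do
            # decompression work for a peer that has not authenticated.
            problems.append((pos, ev, "compression before SASL authentication"))
        elif later:
            problems.append((pos, ev, f"{ev} after {', '.join(sorted(later))}"))
        seen.add(ev)
    return problems


def events_from_log(lines):
    """Extract the successfully negotiated features, in order, from
    constructed log lines matching LOG_RE (failed attempts are skipped)."""
    matches = (LOG_RE.search(line) for line in lines)
    return [m.group(1) for m in matches if m and m.group(2) == "ok"]


# Constructed sample sessions.
SAMPLE_LOG = [  # follows the XEP-0170 order; one failed SASL attempt
    "10:41:00 c2s[7] feature=starttls result=ok",
    "10:41:00 c2s[7] feature=sasl result=fail",
    "10:41:01 c2s[7] feature=sasl result=ok",
    "10:41:01 c2s[7] feature=compress result=ok",
    "10:41:01 c2s[7] feature=bind result=ok",
]
LEGACY_LOG = [  # pre-XEP-0170 behaviour: compression negotiated first
    "10:42:00 c2s[8] feature=compress result=ok",
    "10:42:00 c2s[8] feature=starttls result=ok",
    "10:42:01 c2s[8] feature=sasl result=ok",
    "10:42:01 c2s[8] feature=bind result=ok",
]

if __name__ == "__main__":
    for name, log in (("sample", SAMPLE_LOG), ("legacy", LEGACY_LOG)):
        events = events_from_log(log)
        print(name, events, check_order(events) or "order ok")
    print("offered after TLS+SASL:", offered_features(["starttls", "sasl"]))
```

Running the module prints no problems for the first session and flags position 0 of the legacy session as "compression before SASL authentication"; the later stages of that session are reported as out of order relative to the already-completed compression, which is what a server enforcing the recommended order would see.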