On 16.02.2016 20:01, Thijs Alkemade wrote:
>
>> On 16 feb. 2016, at 17:18, XMPP Extensions Editor <edi...@xmpp.org> wrote:
>>
>> The XMPP Extensions Editor has received a proposal for a new XEP.
>>
>> Title: Instant Stream Resumption
>>
>> Abstract: This specification introduces a mechanism for instant
>> stream resumption, based on Stream Management (XEP-0198), allowing
>> XMPP entities to instantaneously resume an XMPP stream.
>>
>> URL: http://xmpp.org/extensions/inbox/isr.html
>>
>> The XMPP Council will decide in the next two weeks whether to accept this
>> proposal as an official XEP.
>
>
> I'll just repeat my point that all quick connection attempts so far seem to
> throw out mutual authentication without hesitation. That may be an acceptable
> trade-off in certain scenarios, but it should be emphasized that it decreases
> security.

Thanks for your feedback Thijs. As always, much appreciated.

I'd like to say that it's in fact the first time that someone directs me
into the mutual authentication problematic. Would adding a 'remotetok'
be sufficient? E.g.

<enabled xmlns='urn:xmpp:sm:3'
         xmlns:isr='urn:xmpp:isr:0'
         isr:tok='a0b9162d-0981-4c7d-9174-1f55aedd1f52'
         isr:remotetok='fe418035-4e1e-4b26-a406-2d7191995e97'/>

And then on instant resumption the initiator sends

<inst-resume xmlns='urn:xmpp:isr:0'
             tok='a0b9162d-0981-4c7d-9174-1f55aedd1f52'
             h='42'/>

and the remote part responds with

<inst-resumed xmlns='urn:xmpp:isr:0'
              prev-remotetok='fe418035-4e1e-4b26-a406-2d7191995e97'
              tok='006b1a29-c549-41c7-a12c-2a931822f8c0'
              remotetok='b5defa69-a337-4a0c-8a03-a83ca1d26a2c'
              h='21'/>

Could it really be so easy to add mutual authentication to ISR, or am I
missing something?

- Florian
_______________________________________________
Standards mailing list
Info: http://mail.jabber.org/mailman/listinfo/standards
Unsubscribe: standards-unsubscr...@xmpp.org
_______________________________________________
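
The token exchange sketched in the reply above, modelled from both sides as an added example (not code from the thread, the proposal or any XMPP implementation). The class and method names are hypothetical, the single-use handling of tok is an assumption, and the 'h' stanza counters are omitted.

```python
import hmac
import uuid

# Only the attribute names tok, remotetok and prev-remotetok come from the
# thread; everything else here is an assumption made for illustration.

def new_token():
    return str(uuid.uuid4())

class Server:
    def __init__(self):
        self.sessions = {}  # tok -> remotetok issued alongside it

    def enable(self):
        """<enabled/>: tok authenticates the initiator, remotetok the responder."""
        tok, remotetok = new_token(), new_token()
        self.sessions[tok] = remotetok
        return {"tok": tok, "remotetok": remotetok}

    def inst_resume(self, tok):
        """<inst-resume/>: look up tok, then rotate both tokens."""
        prev_remotetok = self.sessions.pop(tok, None)  # assumption: tok is single-use
        if prev_remotetok is None:
            return None  # unknown or already used tok
        return {"prev-remotetok": prev_remotetok, **self.enable()}

class Client:
    def __init__(self, enabled):
        self.tok, self.remotetok = enabled["tok"], enabled["remotetok"]

    def resume(self, server):
        resumed = server.inst_resume(self.tok)
        if resumed is None:
            return False
        # The check the proposal adds: the responder must echo the remotetok
        # it handed out earlier. Compare in constant time.
        if not hmac.compare_digest(resumed["prev-remotetok"], self.remotetok):
            return False  # responder does not know the secret: do not resume
        self.tok, self.remotetok = resumed["tok"], resumed["remotetok"]
        return True

class Impostor(Server):
    """Constructed stand-in for an endpoint that never saw the original <enabled/>."""
    def inst_resume(self, tok):
        return {"prev-remotetok": new_token(), **self.enable()}
```

In this ordering the initiator has already sent tok by the time it checks prev-remotetok, so the check only decides whether the initiator keeps using the stream.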