[ejabberd] BOSH pre-binding state of the art

Stefan Strigler steve at zeank.in-berlin.de
Sun Mar 4 14:27:11 MSK 2012

Am 04.03.2012 um 04:09 schrieb Daniel Dormont:

> Thanks for this, it works great on my system (I'm on a sort of hybridized 2.1.6 at the moment).
> And thanks also to Stefan for supporting it in JSJaC.


> One thing while I'm thinking of it - if I wanted to add the "key" capability in there, what would be the right place to put it?

That's a tough one because ejabberd needs 'keys' right from the beginning when initializing the session. So the pre-bind would have to hand over the initial set of keys to jsjac somehow. And that's what would make the approach totally useless probably as this set of keys can't be trusted anymore afterwards. Better to "just" use SSL in order to protect your session.

Greets, Stefan
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 203 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.jabber.ru/pipermail/ejabberd/attachments/20120304/22a3f322/attachment.bin>

More information about the ejabberd mailing list