
List:       jabber-security-jig
Subject:    Re: [security-jig] s2s SSL
From:       Iain Shigeoka <iainshigeoka () yahoo ! com>
Date:       2002-03-13 18:50:55

On 3/13/02 8:28 AM, "Bray, Dan" <Dan.Bray@commerceone.com> wrote:

> 
> I'm building a specialized Jabber client to enable various entities to
> exchange data. The data needs to remain private.  I can encrypt the payload
> but there is also a desire to keep the routing secret so I need to transport
> over an SSL socket.  I've got this working fine on the client side but am
> now concerned about deliveries that need to go outside my server.  I need
> server to server SSL.
> 
> I'd like to work on this and would appreciate some help narrowing down the
> code I need to look at. Where do I start to look?  mio? dialback?  At what
> level are the s2s connections managed?

This question should be directed to the jdev list where jabberd development
discussions occur.  This list is really concerned with general Jabber
security protocol issues and many of us (myself included) don't know the
first thing about jabberd's internals.  :)

Good luck.  Sounds like an interesting project.

-iain

BTW - unless you completely control both servers (and can limit your server
connection capabilities to only that other trusted server) you may be better
off encrypting the payloads.  To hide routing, address all s2s packets to
the same address, then encrypt the entire message packet within an <x>
extension in the message packet.  The special user account on both servers
acts as the router, unencrypting, unpacking, and forwarding the enclosed,
encrypted packet within your secure c2s network.

Just a thought.
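
The router-account wrapping described in the BTW above, sketched as an added example; it is not part of the original message and not jabberd code. The `example:x:tunnel` namespace, the `router@...` and user addresses, and the use of AES-GCM with a key pre-shared between the two router accounts are assumptions the message does not specify.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"encoding/xml"
	"fmt"
)
// Envelope is all an s2s observer sees. "example:x:tunnel" is a hypothetical namespace.
type Envelope struct {
	XMLName xml.Name `xml:"message"`
	To      string   `xml:"to,attr"`            // always the peer router account
	X       string   `xml:"example:x:tunnel x"` // base64(nonce || ciphertext)
}
// NewAEAD builds AES-GCM from a key shared by both router accounts (assumed).
func NewAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}
// Wrap encrypts a complete inner stanza and addresses it to the peer router.
func Wrap(a cipher.AEAD, router string, inner []byte) ([]byte, error) {
	nonce := make([]byte, a.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	sealed := a.Seal(nonce, nonce, inner, nil) // ciphertext appended to nonce
	return xml.Marshal(Envelope{To: router, X: base64.StdEncoding.EncodeToString(sealed)})
}
// Unwrap authenticates and decrypts; the router then forwards the result locally.
func Unwrap(a cipher.AEAD, outer []byte) ([]byte, error) {
	var env Envelope
	if err := xml.Unmarshal(outer, &env); err != nil {
		return nil, err
	}
	sealed, err := base64.StdEncoding.DecodeString(env.X)
	if err != nil || len(sealed) < a.NonceSize() {
		return nil, fmt.Errorf("malformed tunnel payload")
	}
	return a.Open(nil, sealed[:a.NonceSize()], sealed[a.NonceSize():], nil)
}
func main() {
	a, _ := NewAEAD(make([]byte, 32)) // constructed all-zero key, demo only; a 32-byte key cannot fail
	out, _ := Wrap(a, "router@b.example", []byte(`<message to="bob@b.example"/>`))
	fmt.Println(string(out))
}
```

The outer stanza carries only the router address and an opaque payload; the real `to` and `from` exist only inside the ciphertext, and a modified or wrongly keyed payload fails authentication in `Unwrap` before anything is forwarded.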

