Tigase Forge
Dashboards
Projects
Pull Requests
Issues
Builds
Packages
Code Search
Martin
Code
Pull Requests
Issues
List
Boards
Iterations
Builds
Statistics
Child Projects
OneDev 10.9.4
Documentation Support & Bug Report RESTful API Incompatibilities License Agreement Check Update
Projects tigase _libraries Martin Issues #134
Avoid sending the "from" JID before starttls (#134)
Closed
Unknown opened 1 year ago

Is your feature request related to a problem? Please describe. No, but it would increase user privacy.

When establishing an initial connection to an XMPP server, the following is sent without encryption when a client executes the XmppClient.login() method:

<stream to="[server]" from="[user_jid]" ...>

The user's JID is exposed prior to the starttls proceeding and visible to a passive network observer.

Describe the solution you'd like Restrict sending of from="[user_jid]" before starttls has occurred.

Describe alternatives you've considered I have not identified alternatives. I do not see a way to control whether or not from is sent prior to starttls.

Additional context The Snikket iOS app was used to test, which is based on Siskin. Both appear to use the "Martin" XMPP library, so I hope this is the right place for this feature request.
Unknown commented 1 year ago

Snikket is using an older version of Martin library named TigaseSwift back then.

The current version of the Martin XMPP library has a flag to enable the see-other-host (useSeeOtherHost property in the connectionConfiguration property of the XMPPClient instance) which when set to false will force Martin to stop sending from attribute in the stream opening.

Example:

let client: XMPPClient;
client.connectionConfiguration.useSeeOtherHost = false
issue 1 of 1
Issue Votes (0)
Login to vote
Watchers (0)
Reference
tigase/_libraries/Martin#134
Please wait...
Page is in error, reload to recover