Full Disclosure mailing list archives
Re: talk.google.com
From: James Tucker <jftucker () gmail com>
Date: Wed, 24 Aug 2005 16:21:06 +0100
I think the more important point to be maintained is that this is a Jabber server. Interesting note: It's rdns is toolbar.google.com, but the jabber can be found at talk.google.com:5222.
Google created a custom authentication module (from packet capture with the standard win32 google talk client):
RECV: <?xml version="1.0" encoding="UTF-8"?><stream:stream from="gmail.com" id="<!--edit-->" version="1.0" xmlns:stream="http://etherx.jabber.org/streams" xmlns="jabber:client"><stream:features><starttls xmlns="urn:ietf:params:xml:ns:xmpp-tls"/><mechanisms xmlns="urn:ietf:params:xml:ns:xmpp-sasl"><mechanism>X-GOOGLE-TOKEN</mechanism></mechanisms></stream:features> SEND: <auth xmlns="urn:ietf:params:xml:ns:xmpp-sasl" mechanism="X-GOOGLE-TOKEN"><!--edit: long encrypted string here--></auth>
RECV: <success xmlns="urn:ietf:params:xml:ns:xmpp-sasl"/>This is quite different from the PLAIN mechanism which is used by most other clients currently.
Besides the potential financial impacts, bringing Jabber into such exposure, so quickly as only google can do, may increase general public interest in Jabber. This is always an interesting transition period for any technology, particularly in the security sector. This is no reflection on the development status of Jabber, it's just fact.
The other important thinking is the potential for incorporation of Jabber portals into other IM protocols for cross-protocol IM fucntionality in response to another major contender. This would probably be the most reliable method for these companies to maintain clients, however it would require a significant effort of co-ordination. If this is more what google want's to achieve then I would be most happy, but clearly it's wishfull thinking right now.
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- RE: talk.google.com, (continued)
- RE: talk.google.com Paul Melson (Aug 25)
- Re: talk.google.com My Name (Aug 25)
- Re: talk.google.com Ruben Duque (Aug 24)
- Re: talk.google.com Jérôme ATHIAS (Aug 24)
- Re: talk.google.com Andrew Smith (Aug 24)
- RE: talk.google.com Clement Dupuis (Aug 24)
- Re: talk.google.com Mohit Muthanna (Aug 24)
- Message not available
- Re: talk.google.com Andrew Smith (Aug 24)
- Re: talk.google.com Harry Behrens (Aug 24)
- Re: talk.google.com sikurezza (Aug 24)
- Re: talk.google.com James Tucker (Aug 24)
- Re: talk.google.com David Maxwell (Aug 24)
- Re: talk.google.com James Tucker (Aug 24)
- Re: talk.google.com José María Mateos (Aug 24)
- RE: talk.google.com Clement Dupuis (Aug 24)
- Re: talk.google.com Tyler Davis (Aug 24)
- RE: talk.google.com Geo. (Aug 24)
- Re: talk.google.com Brian Dessent (Aug 24)
- Message not available
- talk.google.com Mohit Muthanna (Aug 24)
- Re: talk.google.com Technica Forensis (Aug 25)