1667 E2E security with clear transfer
Created: 13 Sep 2019
Part: Part 8-2 (2018)
Clause: Annex A.2.2.2
Issue: In Annex A table A.1 it is indicated that use of E2E security is mandatory. In this case we have two options to choose: clear transfer (not encrypted, but signed PDU) or encrypted transfer (PDU is encrypted and signed). In case of clear transfer, implementation of checking of signature of PDU is not possible since XMPP server(s) used for transferring message over the network can (and in most of the cases do) change layout of XML text of PDU. For example can change order of attributes or exchange double to single quotes in values of attributes.
Proposal: To make clear transfer work it should be either:
Tissue DB v. 18.104.22.168