[Standards-JIG] JEP-0033 isn't implementable as external component according to JEP-0114
Peter Saint-Andre
stpeter at jabber.org
Wed Aug 9 22:36:16 CDT 2006
Tobias Markmann wrote:
> Given that an external component is trusted to write 'from'
> addresses for any user at the component's hostname, server
> administrators SHOULD make sure that they in fact do trust the
> component software.
>
> That sounds to me like:
>
> 1. Don't allow untrusted components to connect.

I think no one disagrees with that.

> 2. The trusted components are only allowed to change from addresses
> for any user at the component's hostname.
>
> When a component is untrusted you shouldn't allow that to connect to
> your server. And if it's trusted you can allow it to do anything that
> the XMPP RFCs allow, not only changing the from addresses for any user at
> the component's hostname.

Ah, I haven't looked at that text in a long while. IMHO it's wrong as
currently written -- normally, external components can write 'from'
addresses for any subdomain or the server itself. Right now we leave
that up to the implementation, but in the future perhaps a more robust
component protocol could include ways of negotiating which domains the
component has privileges to emulate (etc.).
Peter
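
The 'from' check discussed in this thread, as an added example that is not part of the original message or of any server's code. It assumes a hypothetical per-component allow-list of domains set by the administrator, and the sample stanzas and hostnames are constructed.

```python
import xml.etree.ElementTree as ET

def jid_domain(jid):
    """Domain part of a JID: drop the /resource first, then the node@ prefix."""
    bare = jid.split("/", 1)[0]
    return bare.split("@", 1)[-1].lower()

def check_from(stanza_xml, allowed_domains):
    """Return (accepted, reason) for one stanza received from a component.

    allowed_domains is the set of domains the administrator lets this
    component write in 'from' (hypothetical server-side setting).
    """
    try:
        stanza = ET.fromstring(stanza_xml)
    except ET.ParseError:
        return False, "not well-formed"
    sender = stanza.get("from")
    if not sender:
        return False, "missing 'from'"
    domain = jid_domain(sender)
    if domain not in allowed_domains:
        return False, "domain %s not delegated" % domain
    return True, "ok"

# Constructed sample stanzas, as if sent by the component conference.example.org
SAMPLES = [
    "<message from='room@conference.example.org/nick' to='bob@example.org'/>",
    "<message from='alice@example.org/home' to='bob@example.org'/>",
    "<presence to='bob@example.org'/>",
    "<iq type='get' from='example.org' to='bob@example.org' id='1'/>",
]

# Policy as the quoted JEP-0114 text reads: only the component's own hostname.
STRICT = {"conference.example.org"}
# Policy where the admin also delegates the server's own domain to the component.
DELEGATED = STRICT | {"example.org"}

if __name__ == "__main__":
    for s in SAMPLES:
        print(check_from(s, STRICT), check_from(s, DELEGATED))
```
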