[jdev] Securing XMPP
simon at buddycloud.com
Thu Aug 29 09:00:53 UTC 2013
On 28 August 2013 18:28, Matthew Wild <mwild1 at gmail.com> wrote:
> > http://wiki.xmpp.org/web/Securing_XMPP
> Only feedback so far: you might want to clarify the "single
> domain"/"multiple domain" thing - DANE is not a requirement for
> securely hosting multiple domains on a single server. I think that
> might confuse people.
It's confusing me too. As I understand the current state of things:
If I look up the SRV record for example.com, connect to the server and the
certificate matches servername.example.com, I can be pretty certain that
I'm talking to the right server.
However, if example.com returns a SRV record for server.xmpp-hosting.com,
we're dealing with a different beast and DANE / POSHy things need to start
happening to avoid DNS spoofing. (I'm assuming example.com's owner doesn't
want to be lodging private certs with their XMPP vhosting provider).
- Is there any reason to worry about DANE stuff for a single domain XMPP
- Is Prosody really the only server that supports DANE?
Simon Tennant | buddycloud.com | +49 17 8545 0880 | office hours:
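The delegation case raised in this message, as an added example that is not part of the original post: a sketch of which names a client may accept in the server certificate after an SRV lookup. It assumes the RFC 6125-style rule that the reference identifier is the domain the user asked for, and that the SRV target only becomes acceptable when the SRV answer was DNSSEC-validated; it models the name check only, not TLSA or POSH retrieval, and all names and sample data are constructed.

```python
# Added example: which certificate names a client may accept after an SRV lookup.
from dataclasses import dataclass

@dataclass
class SrvAnswer:
    target: str             # host name returned in the SRV record
    dnssec_validated: bool  # True only if the resolver validated the answer

def _norm(name):
    return name.rstrip(".").lower()

def name_matches(pattern, host):
    """DNS-ID match; '*' is allowed only as the whole left-most label."""
    p, h = _norm(pattern).split("."), _norm(host).split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # Refuse wildcards directly under a TLD such as "*.com".
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def reference_identifiers(source_domain, srv):
    """Names the client is allowed to look for in the certificate."""
    refs = [_norm(source_domain)]
    # An unsigned SRV answer can be spoofed, so its target proves nothing.
    if srv.dnssec_validated:
        refs.append(_norm(srv.target))
    return refs

def check_certificate(source_domain, srv, cert_dns_names):
    """Return the reference identifier that matched, or None to reject."""
    for ref in reference_identifiers(source_domain, srv):
        if any(name_matches(n, ref) for n in cert_dns_names):
            return ref
    return None

# Constructed sample data (assumptions, not taken from a real deployment).
HOSTED_CERT = ["server.xmpp-hosting.com"]          # provider's own certificate
CUSTOMER_CERT = ["example.com", "*.example.com"]   # customer cert lodged with provider
UNSIGNED = SrvAnswer("server.xmpp-hosting.com", False)
SIGNED = SrvAnswer("server.xmpp-hosting.com", True)

if __name__ == "__main__":
    print(check_certificate("example.com", UNSIGNED, CUSTOMER_CERT))
    print(check_certificate("example.com", UNSIGNED, HOSTED_CERT))
    print(check_certificate("example.com", SIGNED, HOSTED_CERT))
```
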