[Operators] feedback requested

Maissel, Joe joe.maissel at credit-suisse.com
Wed Apr 2 08:52:30 CDT 2008


In our own penetration testing of S2S we found that the dial-back
introduced potential security holes (one was found and then promptly
fixed by our XMPP vendor).  Since we will be T6 shop, we would like to
reject any attempt to use dial-back.  Can this be part of the protocol?

-----Original Message-----
From: operators-bounces at xmpp.org [mailto:operators-bounces at xmpp.org] On
Behalf Of Peter Saint-Andre
Sent: Wednesday, April 02, 2008 12:26 AM
To: XMPP Operators Group
Subject: Re: [Operators] feedback requested

Norman Rasmussen wrote:
> On Tue, Apr 1, 2008 at 10:45 PM, Peter Saint-Andre
<stpeter at stpeter.im> wrote:
>>  http://www.xmpp.org/extensions/xep-0238.html
> 
> Awesome!
> 
> 1 - Error examples mismatch: remote-server-not-found (in description),

> vs remote-server-timeout (in example)
> 
> 2 - What about adding a matrix table the gives a quick overview on 
> what types can interconnect?
> Something like (very inaccurately):
> 
>       T1   T2   T3   T4   T5   T6
> T1   y
> T2   y     y
> T3   y     y     y
> T4   n     n     y     y
> T5   n     n     etc
> T6   n     n     etc

I've fixed these in my working copy, thanks for the feedback.

Peter

--
Peter Saint-Andre
https://stpeter.im/


==============================================================================
Please access the attached hyperlink for an important electronic communications disclaimer: 

http://www.credit-suisse.com/legal/en/disclaimer_email_ib.html
==============================================================================



More information about the Operators mailing list