[Operators] feedback requested

Peter Saint-Andre stpeter at stpeter.im
Wed Apr 2 09:06:15 CDT 2008


Maissel, Joe wrote:
> In our own penetration testing of S2S we found that the dial-back
> introduced potential security holes (one was found and then promptly
> fixed by our XMPP vendor).  Since we will be T6 shop, we would like to
> reject any attempt to use dial-back.  Can this be part of the protocol?

Yes, I will add an error flow for that. Essentially you would complete
STARTTLS and advertise SASL as required. If the other side attempts to
do dialback instead, you close the stream.

Peter

-- 
Peter Saint-Andre
https://stpeter.im/
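
The flow described in the reply above, seen from the receiving server once STARTTLS has completed, as an added example that is not part of the original message or of any server's code. The `<policy-violation/>` stream error, the EXTERNAL-only mechanism list, the class and constant names, and the sample elements are assumptions.

```python
import xml.etree.ElementTree as ET

DIALBACK_NS = "jabber:server:dialback"
SASL_NS = "urn:ietf:params:xml:ns:xmpp-sasl"
STREAMS_NS = "urn:ietf:params:xml:ns:xmpp-streams"

# Sent after STARTTLS: SASL is the only way forward, no dialback feature.
# Offering EXTERNAL alone is an assumption of this sketch.
FEATURES_AFTER_TLS = (
    "<stream:features>"
    f"<mechanisms xmlns='{SASL_NS}'><mechanism>EXTERNAL</mechanism></mechanisms>"
    "</stream:features>"
)
# Assumption: <policy-violation/> as the stream error; the message above only
# says that the stream is closed.
CLOSE_STREAM = (
    f"<stream:error><policy-violation xmlns='{STREAMS_NS}'/></stream:error>"
    "</stream:stream>"
)


class InboundS2SPolicy:
    """Policy for one inbound server-to-server stream, created after TLS."""

    def __init__(self):
        self.closed = False

    def on_element(self, xml_text):
        """Classify one top-level element: 'sasl', 'other' or 'close'."""
        if self.closed:
            return ("close", "")
        try:
            tag = ET.fromstring(xml_text).tag      # '{namespace}local'
        except ET.ParseError:
            tag = "{%s}unparseable" % DIALBACK_NS  # fail closed
        ns = tag[1:].partition("}")[0] if tag.startswith("{") else ""
        if ns == DIALBACK_NS:
            # db:result and db:verify alike; matched by namespace, not prefix
            self.closed = True
            return ("close", CLOSE_STREAM)
        return ("sasl" if ns == SASL_NS else "other", "")


# Constructed sample elements; domains and key are placeholders.
DB_RESULT = ("<db:result xmlns:db='jabber:server:dialback' "
             "from='a.example' to='b.example'>constructed-key</db:result>")
SASL_AUTH = f"<auth xmlns='{SASL_NS}' mechanism='EXTERNAL'>=</auth>"
```

On a live stream the `db` prefix is declared on the stream header, so a real implementation resolves namespaces in its stream parser rather than per element as done here.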
