[Operators] feedback requested
stpeter at stpeter.im
Wed Apr 2 09:06:15 CDT 2008
Maissel, Joe wrote:
> In our own penetration testing of S2S we found that the dial-back
> introduced potential security holes (one was found and then promptly
> fixed by our XMPP vendor). Since we will be T6 shop, we would like to
> reject any attempt to use dial-back. Can this be part of the protocol?
Yes, I will add an error flow for that. Essentially you would complete
STARTTLS and advertise SASL as required. If the other side attempts to
do dialback instead, you close the stream.
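
The policy described in the reply above, sketched as an added example (not part of the original message and not code from any XMPP server): a receiving server that accepts STARTTLS followed by SASL and closes the stream if the peer sends a dialback element. The class name, the returned action strings, the sample elements and the choice of <policy-violation/> as the error condition are assumptions, since the thread does not define the error flow.

```python
import xml.etree.ElementTree as ET

DIALBACK_NS = "jabber:server:dialback"
TLS_NS = "urn:ietf:params:xml:ns:xmpp-tls"
SASL_NS = "urn:ietf:params:xml:ns:xmpp-sasl"
# Assumption: the thread does not name the error condition; <policy-violation/>
# stands in for whatever the promised error flow specifies.
STREAM_ERROR = ('<stream:error><policy-violation '
                'xmlns="urn:ietf:params:xml:ns:xmpp-streams"/></stream:error>'
                '</stream:stream>')

class InboundS2S:
    """Receiving-server policy: STARTTLS, then SASL; dialback closes the stream."""

    def __init__(self):
        self.tls_done = False
        self.closed = False

    def _close(self, reason):
        self.closed = True
        return ("close", reason, STREAM_ERROR)

    def handle(self, raw):
        """Decide what to do with one first-level element sent by the peer."""
        if self.closed:
            return ("ignore", "stream already closed", "")
        if "<!DOCTYPE" in raw or "<!ENTITY" in raw:
            return self._close("DTD not allowed in XMPP streams")
        try:
            tag = ET.fromstring(raw).tag        # "{namespace}localname"
        except ET.ParseError:
            return self._close("not well-formed")
        ns, _, name = tag.lstrip("{").partition("}")
        if ns == DIALBACK_NS:                   # db:result or db:verify
            return self._close("dialback refused: " + name)
        if ns == TLS_NS and name == "starttls" and not self.tls_done:
            self.tls_done = True                # real server: <proceed/> + handshake
            return ("proceed-tls", "", "")
        if ns == SASL_NS and name == "auth":
            if not self.tls_done:
                return self._close("SASL before STARTTLS")
            return ("run-sasl", "", "")         # mechanism handling out of scope
        return self._close("unexpected element before authentication")

# Constructed sample elements (prefix declared inline so each parses alone).
STARTTLS = '<starttls xmlns="urn:ietf:params:xml:ns:xmpp-tls"/>'
AUTH = '<auth xmlns="urn:ietf:params:xml:ns:xmpp-sasl" mechanism="EXTERNAL"/>'
DB_RESULT = ('<db:result xmlns:db="jabber:server:dialback" '
             'from="peer.example" to="us.example">constructed-key</db:result>')
```

Feeding STARTTLS and then DB_RESULT to one InboundS2S instance returns "proceed-tls" followed by "close", and every later element on that stream is ignored.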