[Operators] transitive federations?

Hiers, David David.Hiers at adp.com
Wed Aug 20 14:49:59 UTC 2014


Marketing came up with a crazy idea that needed killing.

The one sliver of RFC 6120 that gave any hope of life to this horrid beast was:

  8.1.1.2.2.  The domainpart of the JID contained in the stanza's 'to'
       attribute MUST match the FQDN of the receiving server (or any
       validated domain thereof)...

One could read "any validated domain" quite broadly, so I wanted to check that I wasn’t missing anything.  


David

-----Original Message-----
From: David Holl [mailto:david at ad5ey.net] 
Sent: Tuesday, August 19, 2014 20:30
To: XMPP Operators Group; Hiers, David (DS)
Subject: Re: [Operators] transitive federations?

Out of curiosity, do you have a specific need for relaying or "transitive federations"?

In general, if domain A is openly federated, it should be able to communicate directly with other domains such as B, C, D, E, ... without prior administrative configuration.

To maximize the likelihood that other domains will communicate directly with domain A, A may want to follow a few best practices, such as:
* have DNS SRV records,
* enable encryption,
* have TLS/SSL certs for each server issued from a recognized CA, and
* have TLSA (DANE) records in a DNSSEC-secured zone.  (in case other domain operators choose to not trust your selected CA but may instead trust DANE for cert validation...)

Anyone else have tips?

- David

On August 19, 2014 12:48:41 PM EDT, "Hiers, David" <David.Hiers at adp.com> wrote:
>Thanks for the responses!
>
>
>
>David
>
>
>-----Original Message-----
>From: Operators [mailto:operators-bounces at xmpp.org] On Behalf Of Kim Alvefur
>Sent: Tuesday, August 19, 2014 08:54
>To: operators at xmpp.org
>Subject: Re: [Operators] transitive federations?
>
>On 2014-08-19 17:45, Philipp Hancke wrote:
>> On 19.08.2014 17:23, Hiers, David wrote:
>>> Hi,
>>> Are XMPP federations transitive?  In other words, if A federates with
>>> B, and B federates with C, can A send traffic to C through B?
>> 
>> Relaying is not supported. This isn't Internet Relay Chat :-)
>
>Nor is it email.
>
>--
>Kim "Zash" Alvefur
>
>
>
>
>This message and any attachments are intended only for the use of the 
>addressee and may contain information that is privileged and 
>confidential. If the reader of the message is not the intended 
>recipient or an authorized representative of the intended recipient, 
>you are hereby notified that any dissemination of this communication is 
>strictly prohibited. If you have received this communication in error, 
>please notify us immediately by e-mail and delete the message and any 
>attachments from your system.



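Added example (not part of the original thread and not code from any XMPP server): a minimal sketch of the 'to' check in the RFC 6120 clause quoted above, together with the matching 'from' requirement in the same RFC (not quoted in the thread), showing why a stanza from A cannot transit B to reach C. The domains, the class name InboundS2SStream and the result strings are assumptions made for illustration; JID normalization beyond lowercasing is omitted.

```python
# Added illustration of the RFC 6120 addressing rules; names here are hypothetical.
from dataclasses import dataclass, field


def domainpart(jid: str) -> str:
    """Return the lowercased domainpart of a JID ([local@]domain[/resource])."""
    bare = jid.split("/", 1)[0]  # drop the resourcepart first; it may contain '@' or '/'
    return bare.rsplit("@", 1)[-1].lower().rstrip(".")


@dataclass
class InboundS2SStream:
    """State a receiving server keeps for one inbound server-to-server stream."""
    local_domains: frozenset  # domains the receiving server is authoritative for
    peer_validated: set = field(default_factory=set)  # peer domains proven on this stream

    def check(self, stanza_from: str, stanza_to: str) -> str:
        to_dom, from_dom = domainpart(stanza_to), domainpart(stanza_from)
        if not to_dom or not from_dom:
            return "reject: missing address"
        if to_dom not in self.local_domains:
            # Clause quoted in the thread: 'to' must name the receiving server
            # (or a validated domain thereof), so nothing is relayed onward.
            return "reject: 'to' domain not served here"
        if from_dom not in self.peer_validated:
            # Companion rule: 'from' must be a domain the sending server has
            # validated for this stream (certificate, dialback, or similar).
            return "reject: 'from' domain not validated on this stream"
        return "accept"


def demo():
    # Constructed scenario: A federates with B, and B federates with C.
    at_b = InboundS2SStream(frozenset({"b.example"}), {"a.example"})  # stream A -> B
    at_c = InboundS2SStream(frozenset({"c.example"}), {"b.example"})  # stream B -> C
    return [
        at_b.check("alice@a.example/phone", "bob@b.example"),    # normal federation
        at_b.check("alice@a.example/phone", "carol@c.example"),  # A asks B to relay
        at_c.check("alice@a.example/phone", "carol@c.example"),  # B forwards anyway
    ]


if __name__ == "__main__":
    for result in demo():
        print(result)
```

Both halves of a would-be relay fail: B refuses the stanza addressed to C, and C would refuse A's stanza arriving over B's stream.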

