[standards-jig] dialback ID/verification clarifications
mdpoole at troilus.org
Sat Jul 26 01:22:33 UTC 2003

I have some questions about the dialback specification (section 7.2 of
draft-ietf-xmpp-core-15). I apologize if these have been addressed
before -- a quick google search did not find discussion of them.

1) Is there a maximum permitted length for either the dialback ID or
the key sent in response?

2) Step 4 indicates that Originating Server generates a dialback key
and sends it to Receiving Server. It says the key MUST be based on
the dialback ID and on a secret shared by Originating Server and
Authoritative Server. May the key be based on other things, such as
the current time or the Receiving Server's JID or IP address?

This is important because if both networks have multiple servers, or
if Receiving Server is multi-homed, the connection between Receiving
Server and Authoritative Server may use different addresses than where
Originating Server connected.

Perhaps a comment on the assumed model would be in order: Should the
Authoritative Server be informed of the dialback key used by
Originating Server, or should it simply evaluate a memory-free
function that takes the dialback ID and key as (the only) inputs and
evaluates to either 'valid' or 'invalid'?

3) Step 7 indicates that Authoritative Server sends Receiving Server a
stream header that includes the ID previously generated by Receiving
Server. This is listed before Receiving Server sends the verify
stanza that contains the key -- to make it more confusing, the id in
step 7 is different than the id used in the other example steps, yet
step 7 says Receiving Server MUST generate <invalid-id/> in such a
situation. Should the id parameter be sent at all in Authoritative
Server's stream header?
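
The memory-free verification model raised in question 2, as an added example that is not part of the original message or of the draft: the key is recomputed from the dialback ID and the shared secret, and the last two cases show why binding it to a connection address fails for a multi-homed Receiving Server. HMAC-SHA-256, the length-prefixed encoding, the function names, the secret, the domain and the addresses are all assumptions or constructed values.

```python
import hashlib
import hmac

# Constructed secret shared by Originating Server and Authoritative Server.
SHARED_SECRET = b"constructed-shared-secret"


def make_key(secret: bytes, dialback_id: str, *extra: str) -> str:
    """Derive a dialback key from the ID, the shared secret and optional extra inputs."""
    # Length-prefix each field so ("ab", "c") and ("a", "bc") cannot collide.
    msg = b"".join(
        len(f.encode()).to_bytes(4, "big") + f.encode() for f in (dialback_id, *extra)
    )
    # HMAC-SHA-256 is an assumption of this example, not something the draft specifies.
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


def verify(secret: bytes, dialback_id: str, key: str, *extra: str) -> str:
    """Memory-free check: recompute the key from the inputs and compare."""
    expected = make_key(secret, dialback_id, *extra)
    return "valid" if hmac.compare_digest(expected, key) else "invalid"


def demo() -> dict:
    dialback_id = "constructed-stream-id-1"
    # Case 1: key depends only on the ID and the secret.
    k1 = make_key(SHARED_SECRET, dialback_id)
    # Case 2: key also bound to the Receiving Server's domain (same on every path).
    k2 = make_key(SHARED_SECRET, dialback_id, "receiver.example")
    # Case 3: key bound to the IP address the Originating Server connected to.
    k3 = make_key(SHARED_SECRET, dialback_id, "192.0.2.10")
    return {
        "id_only": verify(SHARED_SECRET, dialback_id, k1),
        "domain_bound": verify(SHARED_SECRET, dialback_id, k2, "receiver.example"),
        # Authoritative Server sees the verify request arrive from another address.
        "ip_bound_multihomed": verify(SHARED_SECRET, dialback_id, k3, "198.51.100.7"),
        # A key issued for one ID must not validate for a different ID.
        "wrong_id": verify(SHARED_SECRET, "other-id", k1),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```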