[Standards-JIG] stream:error for dialback with no SASL support

Matthias Wimmer m at tthias.net
Mon Jul 26 19:19:17 UTC 2004


Hi JD!

JD Conley wrote on 2004-07-26 11:43:44:
> We rely on the fact that the X.509 certificates are trusted.
[...]

I have to agree ... EXTERNAL using certificates can work on a public
network very well - only problem for wide-spread usage would be that
most servers are run by individuals who I guess won't buy "official"
certificates. I guess I have to adjust my thinking about this a bit.

It was very interesting to read your comments as they are from the view
of a corporate implementation. I am looking at it from the standpoint of
an open community server admin.

> This logic sounds pretty close.  The only issue is that if a server
> supports SASL it probably won't use it over dialback (SoapBox doesn't).

I did not want to do dialback if I did SASL on a connection.

> So you may never receive an xmlns:db on the incoming stream.  And,
> technically, a SASL S2S connection can be mutually authenticated through
> TLS and SASL EXTERNAL so the incoming and outgoing stream can be on the
> same socket.

I may be wrong, but it has been discussed (on the xmppwg list I think)
if SASL streams can be bidirectional, and I thought the result was that
they are unidirectional as well. I'll have to check XMPP core again for
this.


See you
    Matthias

-- 
Fon: +49-(0)70 0770 07770       http://web.amessage.info
HAM: DB1MW                      xmpp:mawis at amessage.info