[Standards-JIG] Re: Discovering of less concrete features

Peter Saint-Andre stpeter at jabber.org
Thu Oct 28 20:26:32 UTC 2004


In article <Pine.LNX.4.53.0410281022280.10820 at bluebox.conspiracy.net>,
 maqi at jabberstudio.org wrote:

> On Wed, 27 Oct 2004, Peter Saint-Andre wrote:
> 
> > This enables software to advertise that it supports things like TLS and
> > SASL (since anything in the protocol namespaces registry can also be a
> > service discovery feature).
> 
> c2s TLS and s2s TLS are treated differently, I hope? There are many
> servers around that support c2s TLS but not s2s TLS. Probably it would be
> good to discern s2s TLS with certificate checking from s2s TLS using
> dialback (I'm not sure - Mawis?).

http://www.jabber.org/registrar/namespaces.html lists 
urn:ietf:params:xml:ns:xmpp-tls as a protocol namespace and therefore as 
a service discovery feature, so that is helpful but does not 
differentiate between c2s and s2s. Therefore we could do the following 
for service discovery features:

urn:ietf:params:xml:ns:xmpp-tls#c2s
urn:ietf:params:xml:ns:xmpp-tls#s2s

(Same for SASL.)

Now, that doesn't tell you if any given s2s connection is using TLS. 
Perhaps it would be more helpful to have an "XMPP traceroute" protocol, 
which would tell you what the connection is all along the line. The main 
use case would be determining if the entire route is TLS-protected.

/psa




More information about the Standards mailing list