[Standards-JIG] JEP-0170: dialback + TLS + SASL

Peter Saint-Andre stpeter at jabber.org
Tue Jan 17 20:44:59 UTC 2006


JEP-0170 is, so far, silent on the order of TLS, SASL, and dialback for 
server-to-server communications. RFC 3920 basically says "dialback is a 
legacy protocol, use TLS then SASL" but I wonder if the following order 
makes sense:

1. Dialback
2. TLS
3. SASL

Rationale: use dialback as a pre-screening method, then do TLS and SASL 
if you can or must (subject to local policies).

For now I'm speaking practically -- I'm not talking about what will be 
acceptable in rfc3920bis, just what works on the network. We'll deal 
with the IETF implications later. :-)

(Though I think "Dialback then TLS then SASL" would be more palatable to 
the security mafia than "TLS then dialback with no SASL", since IETF 
folks were very clear that dialback is not an authentication mechanism.)

Peter

-- 
Peter Saint-Andre
Jabber Software Foundation
http://www.jabber.org/people/stpeter.shtml