[Standards-JIG] JEP-0170: dialback + TLS + SASL

Justin Karneges justin-keyword-jabber.093179 at affinix.com
Tue Jan 17 23:00:40 UTC 2006


On Tuesday 17 January 2006 13:28, JD Conley wrote:
> Workflow:
> The receiving entity requests mutual authentication during StartTLS if
> it supports SASL. The originating entity then provides a cert, or not.
> If cert authentication fails or no originating cert is presented,
> Dialback is then used. If mutual cert authentication succeeds, the SASL
> EXTERNAL stream feature is presented and no Dialback is required.
>
> Both entities have the option to disable Dialback fallback and thus
> failure of TLS mutual authentication and SASL EXTERNAL would be fatal to
> the S2S connection in the extra secure situations.
>
> If Dialback fallback is permitted, the channel is already encrypted with
> TLS.

Yes, this sounds good to me.

Also, how does the TLS+dialback stuff going on in the wild work today?

-Justin
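
The workflow quoted above, sketched as the receiving entity's decision logic. This is an added example, not part of the original message or of any server's code. All names (`PeerCert`, `decide`, `sasl_features`), the exact-match domain check, and the sample domains are assumptions made for illustration.

```python
# Added illustration of the quoted workflow; all names here are hypothetical.
from dataclasses import dataclass
from enum import Enum
from typing import Optional, Sequence
import xml.etree.ElementTree as ET

SASL_NS = "urn:ietf:params:xml:ns:xmpp-sasl"  # SASL namespace from RFC 3920


class Outcome(Enum):
    SASL_EXTERNAL = "offer SASL EXTERNAL, no dialback"
    DIALBACK = "fall back to dialback inside TLS"
    FATAL = "close the S2S connection"


@dataclass
class PeerCert:
    chain_trusted: bool      # result of the TLS library's chain validation
    domains: Sequence[str]   # domain identities asserted by the certificate


def cert_authenticates(cert: Optional[PeerCert], origin: str) -> bool:
    """Mutual auth succeeds only with a trusted cert naming the origin domain."""
    if cert is None or not cert.chain_trusted:
        return False
    # Assumption: exact, case-insensitive match; no wildcard handling.
    return origin.lower() in (d.lower() for d in cert.domains)


def decide(cert: Optional[PeerCert], origin: str, allow_dialback: bool) -> Outcome:
    """Receiving entity's choice once StartTLS has completed."""
    if cert_authenticates(cert, origin):
        return Outcome.SASL_EXTERNAL
    # No cert, untrusted cert, or wrong domain: local policy decides.
    return Outcome.DIALBACK if allow_dialback else Outcome.FATAL


def sasl_features(outcome: Outcome) -> Optional[str]:
    """SASL mechanisms element to advertise, or None if EXTERNAL is not offered."""
    if outcome is not Outcome.SASL_EXTERNAL:
        return None
    mechs = ET.Element(f"{{{SASL_NS}}}mechanisms")
    ET.SubElement(mechs, f"{{{SASL_NS}}}mechanism").text = "EXTERNAL"
    return ET.tostring(mechs, encoding="unicode")


if __name__ == "__main__":
    good = PeerCert(True, ["example.org"])  # constructed sample values
    for cert, policy in [(good, True), (None, True), (None, False)]:
        out = decide(cert, "example.org", policy)
        print(out.name, sasl_features(out))
```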


