[Standards] mutual authentication and XEP 178

Peter Saint-Andre stpeter at jabber.org
Wed Jul 18 19:31:06 UTC 2007


Tony Finch wrote:
> On Tue, 17 Jul 2007, Peter Saint-Andre wrote:
>> If you are referring to certificate validation, that is covered in RFC3920:
> 
> Of course. Thanks for reminding me!

Now, there *is* a question about s2s TLS that I started wondering about
while updating rfc3920bis recently, but it's related to TCP connections.

Server1 realizes that it needs an XML stream to Server2 in order to
route some stanzas. So Server1 completes address resolution via SRV or
whatever and opens a TCP connection to Server2. That happens on
TCPconn1. Then Server1 sends a stream header to Server2. So far so good.

RFC3920 says that for s2s there are 2 TCP connections. So in order to
send a response stream header to Server1, I assume that Server2 opens a
second TCP connection, which we'll call TCPconn2, and then sends the
response stream header over TCPconn2.

Correct?

I don't know if the spec needs to talk about this, but it couldn't hurt
(since it's different for c2s vs. s2s).

/psa

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 7354 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://mail.jabber.org/pipermail/standards/attachments/20070718/a0da74f1/attachment.bin>


More information about the Standards mailing list