[Standards] RFC 3920, 10.2/10.3: subdomain routing rules

Ralph Meijer jabber.org at ralphm.ik.nu
Wed Mar 28 10:02:40 UTC 2007


On Wed, 2007-03-28 at 09:42 +0000, Dave Cridland wrote:
> On Tue Mar 27 20:53:33 2007, Peter Saint-Andre wrote:
> > Bruce Campbell wrote:
> >>  9.1.2 From
> >> 
> >>     Furthermore, the domain identifier portion of the JID 
> >> contained in
> >>     the 'from' attribute MUST match the hostname of the sending 
> >> server
> >>     (or any validated domain thereof, such as a validated domain
> >>     hosted by the sending server) as communicated in the SASL
> >>     negotiation, dialback negotiation or other means;
> >                                         ^^^^^^^^^^^^^^
> > 
> > What might those other means be?
> 
> I think Bruce's (sensible) intention is to leave the door open for 
> other methods as yet unspecified. DNS-SEC might be one such option, I 
> suppose, although I'm not entirely sure. Text as-is looks good to me.

Actually I think that using DNS-SEC as a source for authentication would
be in combination with SASL EXTERNAL, just like how we now use TLS
certs. I'm not sure if you need to explicitly mention alternates.

-- 
Groetjes,

ralphm




More information about the Standards mailing list