[Standards] RFC 3920, 10.2/10.3: subdomain routing rules

Matthias Wimmer m at tthias.eu
Thu Mar 29 13:13:15 UTC 2007


Dave Cridland schrieb:
> DNS-SEC comes in, of course, because otherwise there's an attack where 
> the attacker sets up a legimimate server for domain A, ensures a channel 
> is active to it by sending the target server stanzas for A, cons it into 
> reusing the channel for some other domain B by spoofing DNS, and 
> maintains that channel as well by frequent stanza sending to B. Then, 
> the attacker has obtained all the legimate traffic to the domain B from 
> the target server.
> 
> Does that clarify things?

"Yes ... but"

We are open to this type of attack at present anyway. XMPP s2s does only 
authenticate the sending server of a connection - NOT the receiving server.

With dialback we are even not able to authenticate the receiving server. 
With TLS+SASL a server could verify the certificate of the receiving 
server, but AFAIK this is currently not done by our implementations. To 
enforce authentication of the receiving server we would have to disable 
dialback and require trusted certificates. This is something the XMPP 
network does not seem to be ready for yet. You might only configure this 
in a closed XMPP network or with specially configured peers for now.


Matthias




More information about the Standards mailing list