[Standards] RFC 3920, 10.2/10.3: subdomain routing rules

Matthias Wimmer m at tthias.eu
Thu Mar 29 14:28:35 UTC 2007


Hi Tony!

Tony Finch schrieb:
> Presumably if you can't verify their certificate when connecting to them,
> you reject the SASL EXTERNAL when they connect to you.

Sorry ... but have you read what we are talking about?

Sure no correct implementation will accept SASL EXTERNAL if the 
connecting server did not authenticate using an external mean (e.g. 
TLS). But we talked about verifying where we deliver stanzas, not 
verifying the source of them.

BTW: you do not even offer SASL EXTERNAL if you could not authenticate 
the connecting peer externally.


Matthias



More information about the Standards mailing list