[Standards] RFC 3920, 10.2/10.3: subdomain routing rules
m at tthias.eu
Thu Mar 29 14:28:35 UTC 2007
Tony Finch schrieb:
> Presumably if you can't verify their certificate when connecting to them,
> you reject the SASL EXTERNAL when they connect to you.
Sorry ... but have you read what we are talking about?
Sure no correct implementation will accept SASL EXTERNAL if the
connecting server did not authenticate using an external mean (e.g.
TLS). But we talked about verifying where we deliver stanzas, not
verifying the source of them.
BTW: you do not even offer SASL EXTERNAL if you could not authenticate
the connecting peer externally.
More information about the Standards