[Standards] LAST CALL: XEP-0220 (Server Dialback)

Peter Saint-Andre stpeter at stpeter.im
Fri Nov 7 23:47:48 UTC 2008

This Last Call has ended. I received some feedback off-list, which I
will consolidate and post to the list next week.

XMPP Extensions Editor wrote:
> This message constitutes notice of a Last Call for comments on
> XEP-0220 (Server Dialback).
> Abstract: This specification defines the Server Dialback protocol,
> which is used between XMPP servers to provide identity verification.
> Server Dialback uses the Domain Name System (DNS) as the basis for
> verifying identity; the basic approach is that when a receiving
> server receives a server-to-server connection request from an
> originating server, it does not accept the request until it has
> verified a key with an authoritative server for the domain asserted
> by the originating server. Although Server Dialback does not provide
> strong authentication or trusted federation and although it is
> subject to DNS poisoning attacks, it has effectively prevented most
> instances of address spoofing on the XMPP network since its
> development in the year 2000.
> URL: http://www.xmpp.org/extensions/xep-0220.html
> This Last Call begins today and shall end at the close of business on
> 2008-11-07.
> Please consider the following questions during this Last Call and
> send your feedback to the standards at xmpp.org discussion list:
> 1. Is this specification needed to fill gaps in the XMPP protocol
> stack or to clarify an existing protocol? 2. Does the specification
> solve the problem stated in the introduction and requirements? 3. Do
> you plan to implement this specification in your code? If not, why
> not? 4. Do you have any security concerns related to this
> specification? 5. Is the specification accurate and clearly written?
> Your feedback is appreciated!

More information about the Standards mailing list