[Standards] XEP-0178 1.1rc3
fippo at goodadvice.pages.de
Thu Apr 14 12:11:44 UTC 2011
Peter Saint-Andre wrote:
>> s2s step 10 includes the authorization identity, whereas section 9.2.2.
>> in the RFC includes an empty response.
>> Unless we consider that a bug in the RFC we need some kind of handling
>> for using the stream's from attribute in step 11 when the response is
> I think it depends.
> As in XEP-0220, if the sending domain is authorizing as (e.g.) a
> subdomain such as chat.sender.tld then wouldn't the originating server
> specify that as an authorization identity? Or do we assume that the
> 'from' will always match the authorization identity, in which case it's
That assumption is already there, because the receiving server offers
EXTERNAL only if the 'from' is contained in the certificate.
> never necessary to include the authzid? I suppose the latter approach is
Sure. But that was changed in version 0.0.3 and I don't think we can
"fix" that now nor is there a compelling reason.
I have no objections to adding a fallback to the stream's in s2s step 11
if the authorization id is empty. IIRC some servers already do that.
More information about the Standards