[Standards] XEP-0178 1.1rc3

Peter Saint-Andre stpeter at stpeter.im
Thu Apr 14 19:34:47 UTC 2011

On 4/14/11 6:11 AM, Philipp Hancke wrote:
> Peter Saint-Andre wrote:
>>> s2s step 10 includes the authorization identity, whereas section 9.2.2.
>>> in the RFC includes an empty response.
>>> Unless we consider that a bug in the RFC we need some kind of handling
>>> for using the stream's from attribute in step 11 when the response is
>>> empty.
>> I think it depends.
>> As in XEP-0220, if the sending domain is authorizing as (e.g.) a
>> subdomain such as chat.sender.tld then wouldn't the originating server
>> specify that as an authorization identity? Or do we assume that the
> Multiple authentications?
>> 'from' will always match the authorization identity, in which case it's
> That assumption is already there, because the receiving server offers
> EXTERNAL only if the 'from' is contained in the certificate.

You're right.

>> never necessary to include the authzid? I suppose the latter approach is
>> simpler...
> Sure. But that was changed in version 0.0.3 and I don't think we can
> "fix" that now nor is there a compelling reason.

No, there is no compelling need -- such flexibility might be desirable
someday, but we don't design for someday.

> I have no objections to adding a fallback to the stream's in s2s step 11
> if the authorization id is empty. IIRC some servers already do that.

What is the nature of the fallback?


Peter Saint-Andre

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 6105 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://mail.jabber.org/pipermail/standards/attachments/20110414/fe8472bd/attachment.bin>

More information about the Standards mailing list