[Standards] XEP-0220: handling of invalid dialback key
stpeter at stpeter.im
Thu Apr 14 20:30:37 UTC 2011
On 4/14/11 2:22 PM, Philipp Hancke wrote:
> Actually, I mostly disagree with the "removed requirement for the
> Receiving Server to close the stream if the dialback key is invalid"
> stuff. From the security POV, why should the receiving server not
> terminate the stream?
Because, from the performance point of view, it doesn't want to discard
the 10,000 valid domains it already supports on that stream. That's a
huge cost to impose on the server just because the 10,001st domain has a
DNSSEC problem. For traditional dialback the force-close requirement is
fine. For dialback as used for domain name assertions with DNSSEC it
seems too strong to me.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 6105 bytes
Desc: S/MIME Cryptographic Signature
More information about the Standards