[Standards] XEP-0220: handling of invalid dialback key

Philipp Hancke fippo at goodadvice.pages.de
Fri Apr 15 04:12:46 UTC 2011


Peter Saint-Andre wrote:
[...]
>> I do not see any conflicts. As noted on the XMPPWG list, DNA actually
>> requires support for dialback errors, but otherwise I do not see why it
>> would not work as described.
>
> So, in DNA, if a DNSSEC-based verification doesn't work out, the
> Authoritative Server returns an error, not "invalid"?

The Authoritative Server (in the dialback sense) is not involved - there 
is no dial-back.

[...]

>>>> If it never uses dial-back, why should the receiving server send
>>>> 'invalid' instead of 'error'?
>>>
>>> Could you clarify that scenario?
>>
>> The receiving server will only "forward" invalid, never generate it itself.
>
> Hmm, yes.

I just noticed that the current DNA draft does not use 'invalid' in this 
way:
 > If there are no DNSSEC records or the
 > signature is not valid, then the server rejects the request to send
 > stanzas from that domain. [...]
 >   R: <db:result type='invalid' from='sender.tld' to='target.tld' />

I think using a dialback error (possibly <not-authorized/>) is more 
appropriate in that situation.
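
Added example, not part of the original message or of any server's code: a Python audit of a constructed Receiving Server trace that separates a forwarded 'invalid' (one that follows a db:verify answer from the Authoritative Server) from an 'invalid' generated without any dial-back, which is the case argued above to call for a dialback error. The domains, the trace, the `audit` helper and the `type='auth'` attribute on the error are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

DB = "jabber:server:dialback"  # dialback namespace from XEP-0220

# Constructed trace as seen by the Receiving Server (target.tld):
# "recv" = stanza it received, "send" = stanza it sent.
TRACE = [
    # Dial-back happened: Authoritative Server said 'invalid', R forwards it.
    ("recv", "<db:verify from='sender.tld' to='target.tld' id='s1' type='invalid'/>"),
    ("send", "<db:result from='target.tld' to='sender.tld' type='invalid'/>"),
    # No dial-back (e.g. a local DNSSEC check failed), yet R sends 'invalid'.
    ("send", "<db:result from='target.tld' to='other.tld' type='invalid'/>"),
    # No dial-back, failure reported as a dialback error instead
    # (the error type attribute here is an assumption).
    ("send", "<db:result from='target.tld' to='third.tld' type='error'>"
             "<error type='auth'><not-authorized "
             "xmlns='urn:ietf:params:xml:ns:xmpp-stanzas'/></error></db:result>"),
]

def parse(fragment):
    """Parse one stanza; the wrapper element only declares the db: prefix."""
    return ET.fromstring(f"<s xmlns:db='{DB}'>{fragment}</s>")[0]

def audit(trace):
    """Return (index, verdict) for every db:result the Receiving Server sent."""
    pending_invalid = set()  # (originating, receiving) pairs verified 'invalid'
    verdicts = []
    for i, (direction, fragment) in enumerate(trace):
        el = parse(fragment)
        kind = el.tag.replace(f"{{{DB}}}", "")
        pair = (el.get("from"), el.get("to"))
        if direction == "recv" and kind == "verify" and el.get("type") == "invalid":
            pending_invalid.add(pair)
        elif direction == "send" and kind == "result":
            origin_pair = (pair[1], pair[0])  # the result travels the other way
            if el.get("type") != "invalid":
                verdicts.append((i, "ok"))
            elif origin_pair in pending_invalid:
                pending_invalid.discard(origin_pair)
                verdicts.append((i, "forwarded-invalid"))
            else:
                verdicts.append((i, "generated-invalid"))
    return verdicts

if __name__ == "__main__":
    for index, verdict in audit(TRACE):
        print(index, verdict)
```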
