[Standards] XEP-0220: handling of invalid dialback key

Peter Saint-Andre stpeter at stpeter.im
Fri Apr 15 04:25:09 UTC 2011

On 4/14/11 10:12 PM, Philipp Hancke wrote:
> Peter Saint-Andre wrote:
> [...]
>>> I do not see any conflicts. As noted on the XMPPWG list, DNA actually
>>> requires support for dialback errors, but otherwise I do not see why it
>>> would not work as described.
>> So, in DNA, if a DNSSEC-based verification doesn't work out, the
>> Authoritative Server returns an error, not "invalid"?
> The Authoritative Server (in the dialback sense) is not involved - there
> is no dial-back.
> [...]
>>>>> If it never uses dial-back, why should the receiving server send
>>>>> 'invalid' instead of 'error'?
>>>> Could you clarify that scenario?
>>> The receiving server will only "forward" invalid, never generate it
>>> itself.
>> Hmm, yes.
> I just noticed that the current DNA draft does not use 'invalid' in this
> way:
>> If there are no DNSSEC records or the
>> signature is not valid, then the server rejects the request to send
>> stanzas from that domain. [...]
>>   R: <db:result type='invalid' from='sender.tld' to='target.tld' />
> I think using a dialback error (possibly <not-authorized/>) is more
> appropriate in that situation.

Right, thus my confusion.


Peter Saint-Andre
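
Added example, not part of the original message or of any XMPP project's code: a sketch of the distinction discussed in this thread, where a Receiving Server only forwards 'valid'/'invalid' from the Authoritative Server and reports its own failed check (for example DNSSEC validation) as a dialback error. The function name, parameters and the allow-list subset are assumptions; addressing follows XEP-0220, with the result sent from the Receiving Server's domain to the Originating Server's.

```python
from xml.sax.saxutils import quoteattr

STANZA_NS = "urn:ietf:params:xml:ns:xmpp-stanzas"  # RFC 6120 stanza error namespace

# Subset of RFC 6120 stanza error conditions, chosen for this example.
ALLOWED_CONDITIONS = {"not-authorized", "forbidden", "item-not-found",
                      "policy-violation", "remote-server-not-found"}


def db_result(receiving, originating, verify_type=None, local_failure=None):
    """Build the <db:result/> a Receiving Server sends to the Originating Server.

    verify_type   -- 'valid' or 'invalid' as reported by the Authoritative Server
                     in its <db:verify/> answer; None when no dial-back took place.
    local_failure -- error condition for a check the Receiving Server made
                     itself (e.g. DNSSEC validation); None if it made none.
    """
    attrs = "from=%s to=%s" % (quoteattr(receiving), quoteattr(originating))

    if local_failure is not None:
        # Decision made locally: report a dialback error, never 'invalid'.
        if local_failure not in ALLOWED_CONDITIONS:
            raise ValueError("unknown error condition: %r" % local_failure)
        return ('<db:result %s type="error"><error type="cancel">'
                '<%s xmlns="%s"/></error></db:result>'
                % (attrs, local_failure, STANZA_NS))

    if verify_type in ("valid", "invalid"):
        # Dial-back took place: forward the Authoritative Server's verdict as-is.
        return '<db:result %s type="%s"/>' % (attrs, verify_type)

    # Neither a forwarded verdict nor a local failure: nothing to report.
    raise ValueError("no dial-back verdict and no local failure given")


if __name__ == "__main__":
    # Constructed domains, matching the placeholders used in the thread.
    print(db_result("target.tld", "sender.tld", verify_type="invalid"))
    print(db_result("target.tld", "sender.tld", local_failure="not-authorized"))
```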
