[Standards] UPDATED: XEP-0220 (Server Dialback)

XMPP Extensions Editor editor at xmpp.org
Tue Apr 19 22:02:55 UTC 2011


Version 0.8 of XEP-0220 (Server Dialback) has been released.

Abstract: This specification defines the Server Dialback protocol, which is used between XMPP servers to provide identity verification. Server Dialback uses the Domain Name System (DNS) as the basis for verifying identity; the basic approach is that when a receiving server accepts a server-to-server connection from an originating server, it does not process traffic over the connection until it has verified a key with an authoritative server for the domain asserted by the originating server. Although Server Dialback does not provide strong authentication or trusted federation and although it is subject to DNS poisoning attacks, it has effectively prevented most instances of address spoofing on the XMPP network since its development in the year 2000.

Changelog: Per list discussion, restored requirement for Receiving Server to close the stream if the dialback key is invalid, since application of dialback to multiple domain pairs will use dialback packets of type error, not type invalid. (ph/psa)

Diff: http://xmpp.org/extensions/diff/api/xep/0220/diff/0.7/vs/0.8

URL: http://xmpp.org/extensions/xep-0220.html




More information about the Standards mailing list