[Standards] UPDATED: XEP-0220 (Server Dialback)
stpeter at stpeter.im
Tue Aug 27 20:44:29 UTC 2013
On 8/27/13 2:41 PM, XMPP Extensions Editor wrote:
> Version 0.15 of XEP-0220 (Server Dialback) has been released.
> Abstract: This specification defines the Server Dialback protocol,
> which is used between XMPP servers to provide identity verification.
> Server Dialback uses the Domain Name System (DNS) as the basis for
> verifying identity; the basic approach is that when a receiving
> server accepts a server-to-server connection from an initiating
> server, it does not process XMPP stanzas over the connection until it
> has verified the initiating server's identity. Additionally, the
> protocol is used to negotitate whether the receiving server is
> accepting stanzas for the target domain. Although Server Dialback
> does not provide strong authentication and is subject to DNS
> poisoning attacks, it has effectively prevented most address spoofing
> on the XMPP network since its development in the year 2000.
> Changelog: Addressed Last Call feedback and made editorial
> improvements. (psa/ph)
Philipp and I have addressed the Last Call feedback and have also
completed independent reviews of the spec, leading to clarifications and
improvements throughout. In our opinion it's now ready for advancement
to Draft, but naturally that decision is a matter for the XMPP Council.
More information about the Standards