[Standards] guest access
Peter Saint-Andre - &yet
peter at andyet.net
Fri Jun 26 14:45:56 UTC 2015
On 6/26/15 6:46 AM, Matthew Wild wrote:
> On 26 June 2015 at 13:38, Peter Saint-Andre - &yet <peter at andyet.net> wrote:
>> On 6/26/15 5:26 AM, Matthew Wild wrote:
>>> On 26 June 2015 at 00:51, Peter Saint-Andre - &yet <peter at andyet.net>
>>>> Thus we need a way for a client to discover where it can authenticate as
>>>> ad-hoc or guest user. We don't want to use a DNS SRV Service name of
>>>> "xmpp-client" because that will point clients to the service endpoint for
>>>> registered users. What we came up with was to use a new DNS SRV Service
>>>> of "xmpp-guest", which would point to the service endpoint for guest
>>>> Has anyone else deployed this kind of pattern? If so, how did you solve
>>>> problem of service endpoint discovery? Would you find it helpful to have
>>>> DNS SRV Service name for this kind of access?
>>> Would a TXT record not be more appropriate?
>> Not according to IETF folks. There's a real animus against TXT records for
>> SRV-ish things (and this seems like one of them).
>>> Containing the XMPP host
>>> of a suitable place to authenticate anonymously? A SRV will tell you
>>> where to connect to, but not which XMPP host to use.
>> Sure, you need to do the SRV two-step.
> I'm not sure I understand completely, then. Are you proposing that the
> target of the SRV record is the XMPP host (and thus ignore the port?)?
I'm not sure I understand completely either. :-)
We'll probably do something like this:
_xmpp-client._tcp.talky.io. 400 IN SRV 20 0 5222 auth.talky.io
_xmpp-guest._tcp.talky.io. 400 IN SRV 20 0 5222 anon.talky.io
Naturally the ports might not be 5222 and such, but the general idea is
that we want to point guest users at a different auth service. By "SRV
two-step" I mean that the client would still need to resolve
auth.talky.io or anon.talky.io in the normal ways (we're not necessarily
going to point directly to what in draft-ietf-dane-srv we called the
More information about the Standards