[Jabber-IETF] Dialback protocol
m at tthias.net
Sat Oct 5 12:41:38 CDT 2002
Pete Chown wrote:
> One quick question... I've been trying to understand the purpose of
> the dialback protocol. Presumably it's supposed to avoid the problem
> with SMTP, where you can connect to a server and pretend to be anyone
> you like.
> However, why is dialback better than a simple DNS check? Suppose foo
> connects to bar, says, "I'm foo," and then transfers a message coming
> from luser at foo. Bar can resolve foo through the DNS, and ensure that
> there is either an SRV or an A record pointing to the address on the
> other end of the TCP connection.
> There was another thing I wasn't sure about too. Are you allowed to
> have a configuration where there are Jabber relays, like mail relays?
> So now foo.com has an SRV record pointing to jabber-inward.foo.com.
> Messages leaving foo.com come from jabber-outward.foo.com. Now, won't
> this cause a problem for dialback authentication? It will think that
> jabber-outward.foo.com is not authorised to represent foo.com.
> I may be missing something here, because I've only started following
> the discussions recently.
The outgoing connection is most of the time originated by the first IP
of a system ... this IP is not necessarily in the DNS for the domain of
the Jabber server.
(One example is amessage.de ... outgoing connections are originated by a
different IP address than the IP in DNS for amessage.de.)
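
The contrast discussed in this exchange, as an added example that is not part of the original message: a source-IP DNS check rejects a legitimate server whose outgoing address is not the one published in DNS, while a dialback-style check does not look at the source IP at all. The IP addresses, `bar.example`, the stream ID, the secret and the HMAC key construction are assumptions made for illustration.

```python
import hashlib
import hmac

# Constructed sample data: the published address for amessage.de differs
# from the address its outgoing connections originate from.
DNS = {"amessage.de": "192.0.2.10"}
OUTGOING_SOURCE_IP = "192.0.2.77"


def dns_check(claimed_domain, peer_ip):
    """The 'simple DNS check': accept only if the peer IP is in DNS."""
    return DNS.get(claimed_domain) == peer_ip


class AuthoritativeServer:
    """Stands in for the server reached by resolving the claimed domain."""

    def __init__(self, domain, secret):
        self.domain = domain
        self._secret = secret

    def make_key(self, receiving, stream_id):
        # Assumed key construction: HMAC over both domains and the stream ID.
        msg = f"{receiving} {self.domain} {stream_id}".encode()
        k = hashlib.sha256(self._secret).digest()
        return hmac.new(k, msg, hashlib.sha256).hexdigest()

    def verify(self, receiving, stream_id, key):
        return hmac.compare_digest(self.make_key(receiving, stream_id), key)


def dialback_check(claimed_domain, receiving, stream_id, key, reachable):
    """The receiver connects back to the address DNS gives for the claimed
    domain and asks it to confirm the key; the peer's IP is never used."""
    authoritative = reachable.get(DNS.get(claimed_domain))
    return authoritative is not None and authoritative.verify(
        receiving, stream_id, key)


def demo():
    server = AuthoritativeServer("amessage.de", b"constructed-secret")
    reachable = {"192.0.2.10": server}   # what a dial-back connection reaches
    sid = "constructed-stream-id"
    good_key = server.make_key("bar.example", sid)
    return (
        dns_check("amessage.de", OUTGOING_SOURCE_IP),  # legitimate, rejected
        dialback_check("amessage.de", "bar.example", sid, good_key, reachable),
        dialback_check("amessage.de", "bar.example", sid, "0" * 64, reachable),
    )
```
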