[jdev] Google DNS SRV records
Rory
rory at ipster.org
Sat Aug 27 12:58:19 CDT 2005
On Sat, Aug 27, 2005 at 10:19:08PM +1000, Trejkaz wrote:
> On Sat, 27 Aug 2005 22:06, Rory wrote:
> > If you permit the user to provide you with a server name and port number
> > then things become more complicated than they need to be. For instance,
> > does the user-supplied server name qualify as a valid identity for the
> > purpose of validating the server's X.509 certificate? Or, if this
> > is an automated client, should we fall back to checking for DNS SRV
> > records if there is no server listening at the specified server address?
> > Do we offer the user configuration options to answer these questions and
> > the others that arise? ...
>
> More complicated than they "need to be"?
>
> Let's say you remove the option to connect to an alternative IP. This seals
> off people like me who _need_ this setting to tunnel their XMPP connection
> through a work firewall.
>
> I think the reasonable expectation is that the user's setting always overrides
> the DNS, whether SRV records exist or not. If the user specifies both the
> host and the port, you shouldn't need to hit DNS at all.
>
> TX
>
I think we may have gone on a tangent there for a minute
- my fault no doubt. I just wanted to conclude with a
slightly more refined answer to these important issues
you have pointed out to me.

In my - perhaps idealistic - view of the world, it is the
responsibility of the developer of an XMPP client/library
to implement the protocol. And it is the responsibility
of the protocol to locate the server - which the XMPP
protocol does very well.

With regard to tunneling through firewalls and proxies
- ignoring the issue of corporate policy evasion - I
actually believe that this is an area where true XMPP
proxies could come to the aid of many. The XMPP protocol
provides for proxies, but I don't know if any have yet been
built. You could run proxies inside firewalls that might
be knowledgeable about HTTP tunneling. Or you could run
one on your gateway if it was secure enough. Or you could
use publicly accessible XMPP proxies out on the net with
a known location - chat.example.com port 443 - to reach
your destination - as sinbad.sailor at jabber.org. Thus,
I would suggest that time might be well spent building
these XMPP proxies. I would also suggest that providing
support for XMPP proxies may be a suitable responsibility
for the XMPP client/library developers.
Rory
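
The following is an added example, not part of the original message or of any XMPP library. It sketches the target selection debated in this thread: a user-supplied host and port override DNS entirely, otherwise SRV records are consulted with a fallback to the JID's domain. Assumptions of this example: all function and class names are hypothetical, SRV ordering is simplified to a deterministic sort (RFC 2782 specifies weighted random selection within a priority), and the certificate is always checked against the JID's domain rather than the overriding host, a question the thread leaves open.

```python
from dataclasses import dataclass
from typing import Tuple

DEFAULT_PORT = 5222  # registered XMPP client-to-server port

@dataclass(frozen=True)
class Srv:
    priority: int
    weight: int
    port: int
    target: str

@dataclass(frozen=True)
class Plan:
    endpoints: Tuple[Tuple[str, int], ...]  # (host, port) pairs to try, in order
    cert_identity: str                      # name the server certificate must match
    used_dns: bool                          # True if an SRV lookup was performed

def jid_domain(jid: str) -> str:
    bare = jid.split("/", 1)[0]             # drop the resource first; it may contain '@'
    return bare.rsplit("@", 1)[-1].lower()

def plan_connection(jid, srv_lookup, host=None, port=None) -> Plan:
    domain = jid_domain(jid)
    if host is not None:
        # User override wins: no DNS SRV query is made at all.
        return Plan(((host, port or DEFAULT_PORT),), domain, False)
    records = srv_lookup("_xmpp-client._tcp." + domain)
    if len(records) == 1 and records[0].target == ".":
        return Plan((), domain, True)       # RFC 2782: service explicitly not offered
    # Lowest priority first; higher weight first within a priority (simplified).
    ordered = sorted(records, key=lambda r: (r.priority, -r.weight))
    endpoints = tuple((r.target.rstrip("."), r.port) for r in ordered)
    # No SRV records: fall back to the domain itself on the default port.
    return Plan(endpoints or ((domain, DEFAULT_PORT),), domain, True)

# Constructed sample zone data, standing in for a real resolver.
SAMPLE_SRV = {
    "_xmpp-client._tcp.jabber.org": [
        Srv(10, 5, 5222, "b.example.net."),
        Srv(5, 0, 5222, "a.example.net."),
        Srv(5, 10, 5223, "c.example.net."),
    ],
    "_xmpp-client._tcp.example.invalid": [Srv(0, 0, 0, ".")],
}

def sample_lookup(name):
    return SAMPLE_SRV.get(name, [])
```

Keeping cert_identity separate from the endpoint list means a tunnel or override changes where the socket goes without changing which name the server has to prove.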