[jdev] SASL EXTERNAL for s2s in jabberd14
Matthias Wimmer
m at tthias.net
Fri Nov 4 17:48:55 CST 2005
Hi Justin!
Justin Karneges wrote:
>Protocol-wise, I'd say having different types of channels is allowed.
>However, this again seems like a security policy decision. If a domain is
>explicitly configured to be secure, then I would want to protect both
>directions.
>
>
Out of that context, I think another interesting problem is this:
Think of two servers A and B, that require a SASL authenticated
connection. (No matter which one enforces this, or if both servers
enforce this.)
B trusts the certification authority of A, therefore A can deliver
stanzas to B. user1 at A can send a message to user2 at B.
A does NOT trust the certification authority of B, therefore B cannot
deliver stanzas to A. user2 at B will never be able to reply to user1 at A.
user1 at A never gets informed that user2 at B cannot reply to his messages.
And as his own messages get delivered, he does not get a bounce telling
him that there are interconnection problems with A and B either.
Matthias
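
An added example, not part of the original post: a small audit that finds the one-way trust situation described above across a set of federated servers. The server names, CA names and trust sets are constructed sample data, and the model assumes the receiving server validates the initiating server's certificate against its own list of trusted CAs.

```python
from itertools import combinations

# Constructed sample data: the CA that issued each server's certificate,
# and the CAs each server accepts on inbound SASL EXTERNAL connections.
ISSUER = {"A": "CA-A", "B": "CA-B", "C": "CA-A"}
TRUSTED = {
    "A": {"CA-A"},            # A does not trust B's CA
    "B": {"CA-A", "CA-B"},    # B trusts A's CA
    "C": {"CA-A", "CA-B"},
}


def can_deliver(sender, receiver, issuer=ISSUER, trusted=TRUSTED):
    """sender -> receiver works only if receiver trusts sender's issuing CA."""
    return issuer[sender] in trusted[receiver]


def one_way_pairs(issuer=ISSUER, trusted=TRUSTED):
    """Return (working_sender, blocked_sender) for every asymmetric pair."""
    result = []
    for x, y in combinations(sorted(issuer), 2):
        xy = can_deliver(x, y, issuer, trusted)
        yx = can_deliver(y, x, issuer, trusted)
        if xy and not yx:
            result.append((x, y))
        elif yx and not xy:
            result.append((y, x))
    return result


if __name__ == "__main__":
    for ok, blocked in one_way_pairs():
        # Users on `ok` see their messages delivered and get no bounce,
        # while replies from `blocked` never arrive.
        print(f"{ok} -> {blocked} delivers, {blocked} -> {ok} is rejected")
```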