[jdev] SASL EXTERNAL for s2s in jabberd14
Brian Campbell
bacam at z273.org.uk
Sat Nov 5 05:28:09 CST 2005

Hi,

On Sat, Nov 05, 2005 at 12:48:55AM +0100, Matthias Wimmer wrote:
>
> Out of that context, I think another interesting problem is this:
>
> Think of two servers A and B, that require a SASL authenticated
> connection. (No matter which one enforces this, or if both servers
> enforce this.)
>
> B trusts the certification authority of A, therefore A can deliver
> stanzas to B. user1 at A can send a message to user2 at B.

Shouldn't A refuse to send to B because B is unable to authenticate
itself? My reading of the RFC (section 4.3) is that both ends must
authenticate themselves, not just the server which initiates the
connection. This makes sense because A shouldn't be sending messages to
a potential imposter.

Brian