[jdev] Second-guessing dns for s2s
Peter Millard
pgmillard at gmail.com
Sat Sep 24 10:59:00 CDT 2005
On 9/22/05, Tijl Houtbeckers <thoutbeckers at splendo.com> wrote:
> On Thu, 22 Sep 2005 22:53:20 +0200, JD Conley <jd.conley at coversant.net>
> wrote:
>
> >>
> >> This is bad engineering i.t.o. creating undesirable impact on the
> >> broader Internet.
> >
> > What is the undesirable impact?
>
> It is, at least, a minor security risk.
I disagree that this is a minor security hole. The fact that my JM
server can potentially contact two completely different servers for
the same JID is a very bad thing. Jabber IDs are designed to be
unique, and they should be. This uniqueness is provided by using
domain names to help partition off the namespace. What you are
essentially doing is flattening this namespace by changing your
implementation.
i.e., when my server contacts foo@conference.jabber.org, it should
NEVER, EVER, try to send that message to foo@jabber.org instead. This
seems very bad to me.
pgm.