[jdev] S2S questions - from attribute and version support

Richard Dobson richard at dobson-i.net
Thu Jan 5 10:22:13 CST 2006


>> >> Using DIGEST-MD5 or PLAIN for interconnection between servers would 
>> >> mean
>> >> that EVERY PAIR of jabber servers would have to agree on a shared
>> >> secret. That's very much impractical.
>>
>> > True, thats why I believe that something should be done to facilitate
>> > it.  Otherwise, how about having TLS+SASL ANONYMOUS for s2s then?
>>
>> Doesnt that open you up to forgery (and thus forged spam)? Or is the TLS
>> enough to protect against that?

> Right.  And If the servers do mutual auth using TLS, then might as
> well go for EXTERNAL

Huh, right to which? Does it open you up to forgery or not, and if TLS is 
enough to prevent forgery on its own then why arnt we just using that on its 
own without SASL?

Richard





More information about the JDev mailing list