[jdev] s2s lookup cascades

Peter Saint-Andre stpeter at jabber.org
Thu Jul 6 17:34:54 CDT 2006


Jefferson Ogata wrote:
> On 07/06/2006 06:21 PM, Tomasz Sterna wrote:
>> On 7/4/06, Norman Rasmussen <norman at rasmussen.co.za> wrote:
>>> Most jabber servers seem to give up and _not_ do the dns cascade, but
>>> Wildfire seems to do the cascade DNS, generating lots of 'Failed to
>>> lookup .de', or 'Failed to lookup .org' records in the log files.
>> So you say if I'm hosting your parent domain I could take over and
>> spoof your non-functioning (DDoS'ed) XMPP server? Sending SPIM,
>> harvesting passwords. Possibilities are endless. Great, just great.
> 
> Given jabber clients' generally poor support of SSL/TLS certificate
> verification (kudos to Psi for doing it right), resistance to DNS-based
> attacks seems like a definite non-priority for the jabber community.

RFC 3920 says how to properly handle certificates. Unfortunately, server
certificates are not widespread yet (let alone client certificates). But
I'm working to change that...

Peter

--
Peter Saint-Andre
Jabber Software Foundation
http://www.jabber.org/people/stpeter.shtml
