[jdev] Digest URIs for XMPP
Kurt Zeilenga
Kurt.Zeilenga at Isode.com
Tue Apr 14 22:30:36 CDT 2009
I think clients ought to simply assert xmpp/host where host is
whatever string the user specified to connect to.

But more important is what the server should do. RFC 2831 says:

    Servers SHOULD check that the supplied value is correct. This will
    detect accidental connection to the incorrect server. It is also so
    that clients will be trained to provide values that will work with
    implementations that use a shared back-end authentication service
    that can provide server authentication.

I suggest instead:

    Servers SHOULD ignore the supplied value. The check
    was intended to detect that the client did not accidentally
    connect to the incorrect server. Performing the check will far more
    likely lead to disconnecting clients which did connect to the
    correct server than disconnecting clients which accidentally
    connected to an incorrect server.

Such checks tend to make the application services brittle. (Consider
the implications of forward and reverse NAT devices, transparent (to
the client and server) tunneling, etc.)
-- Kurt
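
The two server policies discussed in the message above, as an added example that is not part of the original post or of any XMPP server's code. The function names, host names and the digest-response string are constructed for illustration; only the `digest-uri` syntax (`serv-type "/" host [ "/" serv-name ]`) comes from RFC 2831.

```python
import re

# A digest-response is a comma-separated list of key=value directives;
# values may be quoted, with backslash escapes inside the quotes.
_DIRECTIVE = re.compile(r'([A-Za-z][A-Za-z0-9-]*)=(?:"((?:[^"\\]|\\.)*)"|([^,]*))')

def parse_directives(response):
    """Return the directives of a DIGEST-MD5 digest-response as a dict."""
    fields = {}
    for key, quoted, bare in _DIRECTIVE.findall(response):
        fields[key.lower()] = re.sub(r'\\(.)', r'\1', quoted) if quoted else bare
    return fields

def split_digest_uri(uri):
    """Split serv-type "/" host [ "/" serv-name ]; host is lower-cased."""
    parts = uri.split("/")
    if len(parts) not in (2, 3) or not all(parts):
        raise ValueError("malformed digest-uri: %r" % uri)
    return parts[0], parts[1].lower(), (parts[2] if len(parts) == 3 else None)

def evaluate_digest_uri(response, local_names, strict):
    """Return (accept, note).

    strict=True  -> the RFC 2831 SHOULD: compare against names the server knows.
    strict=False -> the policy suggested in the message: ignore the value.
    Either way the supplied string still has to be fed unchanged into the
    response hash (A2 = "AUTHENTICATE:" + digest-uri) when verifying it.
    """
    serv_type, host, _ = split_digest_uri(parse_directives(response)["digest-uri"])
    if serv_type == "xmpp" and host in local_names:
        return True, "digest-uri matches a local name"
    if strict:
        return False, "rejected: %s/%s is not a local name" % (serv_type, host)
    return True, "accepted; supplied value ignored (%s/%s)" % (serv_type, host)

# Constructed sample: the user typed "chat.example.net", which reaches this
# server through a NAT or alias the server itself has no knowledge of.
# The response value is a placeholder, not a real hash.
SAMPLE = ('username="juliet",realm="example.net",nonce="OA6MG9tEQGm2hh",'
          'cnonce="OA6MHXh6VqTrRk",nc=00000001,qop=auth,'
          'digest-uri="xmpp/chat.example.net",'
          'response=00000000000000000000000000000000,charset=utf-8')
LOCAL_NAMES = {"xmpp1.internal.example", "localhost"}

if __name__ == "__main__":
    for strict in (True, False):
        print("strict=%s ->" % strict, evaluate_digest_uri(SAMPLE, LOCAL_NAMES, strict))
```

With the strict policy the correctly connected client is refused because the server does not know the public name; with the lenient policy it is admitted.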