On Wed, Jul 1, 2015 at 10:54 AM, Kim Alvefur <[email protected]> wrote:
> Hi,
>
> I kinda have a deployed implementation of this, for mutual server to
> server authentication with DANE in XMPP. I've settled on using SRV
> record indirection that would already be in place for srv-dane. This
> already has a number of deployments¹ and thus Just Works.
>

Yup, I think that's a viable strategy for XMPP s2s authentication, where there are symmetrical characteristics on both sides in the form of SRV records. In the general case of client authentication (which our draft covers), this is probably not true. For example, client systems may not have stable network addresses or associated address records, and might generally be moving around the network. In such cases, they need to relay their identity to the server side. Section 7 of our draft does talk about application-protocol-specific behavior that might take into account other client characteristics where available, but defers those details to application-specific documents to define.

--
Shumon Huque
_______________________________________________
dane mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dane
