On 12/19/2017 7:30 AM, Yoel Villarreal wrote:
On Tue, 19 Dec 2017 10:23:32 +0100
Manuel Mely <mm...@mmely.de> wrote:
I suppose this is roughly what it comes down to [1]

A compliant client implementation MUST support both TLS and SASL for
connections to a server.

The TLS protocol for encrypting XML streams (defined under Use of
TLS) provides a reliable mechanism for helping to ensure the
confidentiality and data integrity of data exchanged between two
entities.

The SASL protocol for authenticating XML streams (defined under Use
of SASL) provides a reliable mechanism for validating that a client
connecting to a server is who it claims to be.

Client-to-server communications MUST NOT proceed until the DNS
hostname asserted by the server has been resolved. Such resolutions
SHOULD first attempt to resolve the hostname using an [SRV] Service
of "xmpp-client" and Proto of "tcp", resulting in resource records
such as "_xmpp-client._tcp.example.com." (the use of the string
"xmpp-client" for the service identifier is consistent with the IANA
registration). If the SRV lookup fails, the fallback is a normal
IPv4/IPv6 address record resolution to determine the IP address,
using the "xmpp-client" port 5222, registered with the IANA.

The IP address and method of access of clients MUST NOT be made
public by a server, nor are any connections other than the original
server connection required. This helps to protect the client's server
from direct attack or identification by third parties.

1- https://xmpp.org/rfcs/rfc3920.html

The explanation is appreciated, in English or not; the thing is that Fumero
does not have control of the DNS and he needs it. First step, get control;
second step, add the SRV record. Believe me, Fumero, the rest is
trivial, as long as those two Jabber servers can see each other.
______________________________________________________________________
Mailing list of the Grupo de Usuarios de Tecnologías Libres de Cuba.
Gutl-l@jovenclub.cu
https://listas.jovenclub.cu/cgi-bin/mailman/listinfo/gutl-l

True, really everything should work with A records. SRV records are nicer because they let you use the same domain for all services, but A records should work. Even between two servers, they should connect by IP alone without problems. Check that both are accepting s2s connections and that the ports are reachable between them; the logs should give reasons!
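The resolution order from the RFC text quoted above, together with the A-record fallback mentioned in the last reply, as an added example that is not part of the original thread. The function names, the sample records and example.com are constructed; the "xmpp-server" service and port 5269 come from the same RFC but are not quoted in this thread, and the ordering by descending weight is a deterministic simplification of the weighted selection in RFC 2782.

```python
from typing import NamedTuple

# Fallback ports registered with IANA; 5222 is quoted in the RFC text above,
# 5269 (server-to-server) is from the same RFC but not quoted in this thread.
FALLBACK_PORT = {"xmpp-client": 5222, "xmpp-server": 5269}

class SRV(NamedTuple):
    priority: int
    weight: int
    port: int
    target: str

def srv_name(domain: str, service: str = "xmpp-client") -> str:
    """Owner name to query, e.g. _xmpp-client._tcp.example.com."""
    return f"_{service}._tcp.{domain.rstrip('.')}."

def connection_targets(domain, srv_answers, service="xmpp-client"):
    """Return the ordered (host, port) list a compliant peer would try.

    srv_answers holds the SRV records returned for srv_name(); an empty
    list means the lookup failed and the A/AAAA fallback applies.
    """
    if not srv_answers:
        # Fallback: resolve the domain itself and use the registered port.
        return [(domain.rstrip("."), FALLBACK_PORT[service])]
    # RFC 2782: a single record with target "." means "service not offered".
    if len(srv_answers) == 1 and srv_answers[0].target == ".":
        return []
    # Lowest priority first. Within a priority RFC 2782 asks for a weighted
    # random pick; sorting by descending weight is a deterministic stand-in.
    ordered = sorted(srv_answers, key=lambda r: (r.priority, -r.weight))
    return [(r.target.rstrip("."), r.port) for r in ordered]

# Constructed sample answers (example.com is a placeholder domain).
SAMPLE = [
    SRV(10, 5, 5222, "backup.example.com."),
    SRV(5, 0, 5222, "xmpp1.example.com."),
    SRV(5, 10, 5223, "xmpp2.example.com."),
]

if __name__ == "__main__":
    print(srv_name("example.com"))
    for host, port in connection_targets("example.com", SAMPLE):
        print(host, port)
    print(connection_targets("example.com", [], service="xmpp-server"))
```

Comparing this list against the ports each server actually accepts connections on shows whether a failure comes from DNS or from reachability between the two hosts.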
