On Thu, 22 Sep 2005 22:53:20 +0200, JD Conley <[EMAIL PROTECTED]> wrote:


This is bad engineering i.t.o. creating undesirable impact on the broader Internet.

What is the undesirable impact? Sure, there are a few more DNS lookups
and potentially more connections and some stream errors. That doesn't
seem like much of an impact. I don't see the harm in connecting to hosts
that do not provide service to the domain you need. This is flushed out
rather quickly in the S2S process.

It is, at least, a minor security risk. Only "minor" because running the server on a domain you do not own isn't very safe to begin with, but nonetheless this creates situations that are undesirable, and break the principles behind the security provided by the dialback mechanism. Let's say there is a "dynamic DNS" provider that lets you link a subdomain to an IP address. Now let's say I register the username "John Doe" and get the DNS name john.doe.dyndns.example.org. A malicious person could register the username "Doe" and, as soon as my Jabber server goes down, will with some luck be able to impersonate all the users on my server.

That is, if Jive is used, of course.

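The scenario in the message above, modelled as an added example (not part of the original thread and not any server's actual code). It assumes the connecting server retries parent domains when the exact domain is unreachable; the host table, registrant names and function names are constructed for illustration.

```python
# Constructed host table: hostname -> (registrant, reachable).
# Mirrors the message's scenario: the legitimate server is down and a
# different customer of the same dynamic DNS provider holds the parent name.
HOSTS = {
    "john.doe.dyndns.example.org": ("john-doe", False),
    "doe.dyndns.example.org": ("doe", True),
    "dyndns.example.org": ("provider", False),
}


def candidates(domain, parent_fallback):
    """Hostnames tried for `domain`, in order.

    With parent_fallback (the assumed behaviour under debate), each parent
    domain down to the two-label name is tried after the exact domain.
    """
    if not parent_fallback:
        return [domain]
    labels = domain.split(".")
    return [".".join(labels[i:]) for i in range(len(labels) - 1)]


def dialback_target(domain, parent_fallback, hosts=HOSTS):
    """Return (hostname, registrant) of the host that would be asked to
    vouch for `domain` during dialback, or None if nothing is reachable."""
    for name in candidates(domain, parent_fallback):
        registrant, reachable = hosts.get(name, (None, False))
        if reachable:
            return name, registrant
    return None


def is_authoritative(domain, target):
    """Dialback only proves control of `domain` if the host that answered
    is the exact domain, not a parent that happened to be reachable."""
    return target is not None and target[0] == domain


if __name__ == "__main__":
    domain = "john.doe.dyndns.example.org"
    for fallback in (True, False):
        target = dialback_target(domain, fallback)
        print(f"fallback={fallback}: target={target}, "
              f"authoritative={is_authoritative(domain, target)}")
```

With fallback enabled, the verification lands on a host registered to someone else; with exact-match resolution the connection simply fails while the legitimate server is down.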