Hi Justin!
Justin Karneges schrieb:
Protocol-wise, I'd say having different types of channels is allowed.
However, this again seems like a security policy decision. If a domain is
explicitly configured to be secure, then I would want to protect both
directions.
Out of that context, I think another interesting problem is this:
Think of two servers A and B, that require a SASL authenticated
connection. (No matter which one enforces this, or if both servers
enforce this.)
B trusts the certification authority of A, therefore A can deliver
stanzas to B. [EMAIL PROTECTED] can send a message to [EMAIL PROTECTED]
A does NOT trust the certification authorizty of B, therefore B cannot
deliver stanzas to A. [EMAIL PROTECTED] will never be able to reply to [EMAIL PROTECTED]
[EMAIL PROTECTED] never gets informed, that [EMAIL PROTECTED] cannot reply to his messages.
And as his own messages get delivered, it does not get a bounce telling
that there are interconnection problems with A and B either.
Matthias
