On 28 August 2013 18:28, Matthew Wild <[email protected]> wrote:
> > http://wiki.xmpp.org/web/Securing_XMPP
>
> Only feedback so far: you might want to clarify the "single
> domain"/"multiple domain" thing - DANE is not a requirement for
> securely hosting multiple domains on a single server. I think that
> might confuse people.
>
It's confusing me too. As I understand the current state of things:

If I look up the SRV record for example.com, connect to the server and the certificate matches servername.example.com, I can be pretty certain that I'm talking to the right server.

However, if example.com returns a SRV record for server.xmpp-hosting.com, we're dealing with a different beast and DANE / POSHy things need to start happening to avoid DNS spoofing. (I'm assuming example.com's owner doesn't want to be lodging private certs with their XMPP vhosting provider).

- Is there any reason to worry about DANE stuff for a single domain XMPP setup?
- Is Prosody really the only server that supports DANE?

S.

--
Simon Tennant | buddycloud.com | +49 17 8545 0880 | office hours: goo.gl/tQgxP
