I'm interested in what people feel the 'correct' approach is to the following situation.

XMPP (the 'Jabber' protocol) uses DNS SRV records to determine the location of a Jabber service for a given DNS domain. In some implementations there may be multiple servers, running on multiple different machines, all of which can accept an incoming connection.

In current Jabber (and MIT Kerberos) implementations, the service principal used for the SASL/GSSAPI/Kerberos connection is the canonical version of the hostname returned from the results of the SRV query. This is obviously bad, as the use of an insecure directory service (DNS) to perform both of these lookups presents an opportunity for a MITM attack. Worse is a current proposal that the server should be able to tell the client the principal name to use.

So, for a Jabber connection to 'example.org', should we be connecting to the service principal 'xmpp/example.org'? But how does this work where 'example.org' is providing multiple XMPP servers - should they all have a copy of the same key material, and does this present further concerns?

Cheers,

Simon.

________________________________________________
Kerberos mailing list
[email protected]
https://mailman.mit.edu/mailman/listinfo/kerberos
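
The two naming schemes raised in the message above, as an added Python illustration that is not part of the original post: it compares which Kerberos service principal a client would request when DNS answers are honest and when they are forged. The function names, hostnames and DNS records are all constructed for the example, and SRV selection is simplified to "lowest priority wins".

```python
# Constructed DNS views standing in for real, unauthenticated lookups.
SRV_NAME = "_xmpp-client._tcp."
GOOD_DNS = {
    "srv": {SRV_NAME + "example.org": [(10, 0, 5222, "im.example.org")]},
    "cname": {"im.example.org": "xmpp1.example.org"},
}
# The same query answered by a forged response: only the SRV target differs.
FORGED_DNS = {
    "srv": {SRV_NAME + "example.org": [(0, 0, 5222, "xmpp.other.example")]},
    "cname": {},
}

def srv_target(dns, domain):
    """Return (host, port) from the lowest-priority SRV record (simplified)."""
    _prio, _weight, port, host = min(dns["srv"][SRV_NAME + domain])
    return host, port

def canonicalize(dns, host):
    """Follow CNAMEs to the canonical name, guarding against loops."""
    seen = set()
    while host in dns["cname"] and host not in seen:
        seen.add(host)
        host = dns["cname"][host]
    return host

def principal_from_srv(dns, domain):
    """Scheme described as current practice: name comes from DNS results."""
    host, _port = srv_target(dns, domain)
    return "xmpp/" + canonicalize(dns, host)

def principal_from_domain(dns, domain):
    """Scheme asked about: name comes only from what the user typed."""
    return "xmpp/" + domain

def connection_plan(dns, domain, scheme):
    """Where the client connects, and which principal it asks the KDC for."""
    host, port = srv_target(dns, domain)
    return host, port, scheme(dns, domain)

def dns_can_steer(scheme, domain, views):
    """True if different DNS answers yield different requested principals."""
    return len({scheme(view, domain) for view in views}) > 1

if __name__ == "__main__":
    for scheme in (principal_from_srv, principal_from_domain):
        for view in (GOOD_DNS, FORGED_DNS):
            print(scheme.__name__, connection_plan(view, "example.org", scheme))
```

With the domain-derived name the forged answer still changes the host the client connects to, but not the principal it authenticates; every server behind the SRV records then needs the key for that one principal, which is the trade-off the message asks about.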
