2005/9/25, Richard Dobson [EMAIL PROTECTED]:
Is it possible to set up wildcard SRV records? Would you set it up like
_xmpp-server._tcp.*.example.com ?
Would that work?
Depends on the DNS implementation.
Most of them support it. :-)
--
smk
2005/9/25, Johannes Fröhlich [EMAIL PROTECTED]:
I agree with Matt that it's a bummer how jids are constructed.
I do not agree. JIDs are constructed well and thoughtfully.
But my suggestion
would be to make it as consistent as possible for the user.
But you are suggesting to make it
Tomasz Sterna wrote:
2005/9/25, Johannes Fröhlich [EMAIL PROTECTED]:
I agree with Matt that it's a bummer how jids are constructed.
Tough luck, eh? :-)
A muc-room would be server.net/muc/room and
JIDs are not hierarchical. And putting / character in resource will
not make them so. ;-)
On Sun, 25 Sep 2005 11:36, Perry Lorier wrote:
What happens if I register _tcp.com ?
How, exactly, would one go about registering an invalid hostname?
TX
--
Email: Trejkaz Xaoza [EMAIL PROTECTED]
Web site: http://trypticon.org/
Jabber ID: [EMAIL PROTECTED]
Trejkaz wrote:
On Sun, 25 Sep 2005 11:36, Perry Lorier wrote:
What happens if I register _tcp.com ?
How, exactly, would one go about registering an invalid hostname?
a hostname != a domain name. _ is an invalid name for a host. _tcp.com
is a domain, not a host. If I'm not intending to
On Sun, 25 Sep 2005 22:18, Perry Lorier wrote:
Trejkaz wrote:
On Sun, 25 Sep 2005 11:36, Perry Lorier wrote:
What happens if I register _tcp.com ?
How, exactly, would one go about registering an invalid hostname?
a hostname != a domain name. _ is an invalid name for a host. _tcp.com
On 9/22/05, Tijl Houtbeckers [EMAIL PROTECTED] wrote:
On Thu, 22 Sep 2005 22:53:20 +0200, JD Conley [EMAIL PROTECTED]
wrote:
This is bad engineering i.t.o. creating undesirable impact on the
broader
Internet.
What is the undesirable impact? .
It is, at least, a minor security
On Sat, 24 Sep 2005 17:59:00 +0200, Peter Millard [EMAIL PROTECTED]
wrote:
On 9/22/05, Tijl Houtbeckers [EMAIL PROTECTED] wrote:
On Thu, 22 Sep 2005 22:53:20 +0200, JD Conley [EMAIL PROTECTED]
wrote:
This is bad engineering i.t.o. creating undesirable impact on the
broader
Internet.
The major problem with this sort of second-guessing DNS isn't even the
security problems it possesses (by assuming that DNS nesting MUST
imply some sort of trust relationship of services running under those
names).
It is that servers which implement the XMPP standard and which don't
add this DNS
Hey all,
We take security issues very seriously and appreciate the feedback.
However, some of the reactions in this thread are simply unreasonable.
Why do so many JSF discussions wax into flame wars? :)
So, I'd like to take a step back and try to step through the issues.
First, unless there's an
On 9/24/05, Matt Tucker [EMAIL PROTECTED] wrote:
However, some of the reactions in this thread are simply unreasonable.
Why do so many JSF discussions wax into flame wars? :)
I firmly believe in flame wars. I think that this is one of the more
productive discussions since The Great Encryption
On Sun, 25 Sep 2005 00:33:11 +0200, Matt Tucker [EMAIL PROTECTED]
wrote:
Assume your server is down so some Jive Messenger instance tries to make
the connection to dyndns.org. If an evil XMPP server truly lives at that
address, how could you possibly trust that your dynamic DNS entry is
also
On 9/25/05, Matt Tucker [EMAIL PROTECTED] wrote:
Hey all,
We take security issues very seriously and appreciate the feedback.
However, some of the reactions in this thread are simply unreasonable.
Why do so many JSF discussions wax into flame wars? :)
So, I'd like to take a step back and
On 25 Sep 2005, at 00:14, Johannes Fröhlich wrote:
My suggestion would be to list services like server.net/service.
This would be a
resource for the server. A muc-room would be server.net/muc/room and
a user using
this mucroom would have the jid [EMAIL PROTECTED]/muc/room or
just [EMAIL
Tijl,
I did that in my first reply, the other problem I pointed out
was in my last reply; Instead of having to steal the DNS
record you can steal one that's hardly used or doesn't even
exist. This gives attacks a lot more stealth.
Are you playing devil's advocate or are you serious? If I
On 9/24/05, Matt Tucker [EMAIL PROTECTED] wrote:
Tijl,
snip
While requiring a signed certificate is a step up, it is only
a small step it. It are still unknown servers you are talking
to, thus unknown certificates.
That's the point of a CA. If a CA signs a cert, that means you should
On Sun, 25 Sep 2005 01:58:35 +0200, Matt Tucker [EMAIL PROTECTED]
wrote:
Tijl,
I did that in my first reply, the other problem I pointed out
was in my last reply; Instead of having to steal the DNS
record you can steal one that's hardly used or doesn't even
exist. This gives attacks a lot
On Sun, 25 Sep 2005 02:55:09 +0200, David Waite [EMAIL PROTECTED] wrote:
On 9/24/05, Matt Tucker [EMAIL PROTECTED] wrote:
Tijl,
snip
While requiring a signed certificate is a step up, it is only
a small step it. It are still unknown servers you are talking
to, thus unknown certificates.
Are you playing devil's advocate or are you serious? If I had to guess,
I'd say that 99.9% of public XMPP servers are deployed at [domain].com
or [sub].[domain].com. They're not deployed at
[sub].[sub].[sub].[domain].com. This means that there are generally
never unused or hardly used
On Sun, 25 Sep 2005 03:36:09 +0200, Perry Lorier [EMAIL PROTECTED] wrote:
Are you playing devil's advocate or are you serious? If I had to guess,
I'd say that 99.9% of public XMPP servers are deployed at [domain].com
or [sub].[domain].com. They're not deployed at
Tijl Houtbeckers wrote:
On Sun, 25 Sep 2005 03:36:09 +0200, Perry Lorier [EMAIL PROTECTED] wrote:
Are you playing devil's advocate or are you serious? If I had to guess,
I'd say that 99.9% of public XMPP servers are deployed at [domain].com
or [sub].[domain].com. They're not deployed at
On Sun, 25 Sep 2005 03:53:29 +0200, Perry Lorier [EMAIL PROTECTED] wrote:
Tijl Houtbeckers wrote:
On Sun, 25 Sep 2005 03:36:09 +0200, Perry Lorier [EMAIL PROTECTED]
wrote:
Are you playing devil's advocate or are you serious? If I had to
guess,
I'd say that 99.9% of public XMPP servers
We run our conference server on
conference.jabber.meta.net.nz. This is a
sub.sub.sub.domain.nz, and is probably very common for
companies using jabber outside the US where their domain is
in a CC TLD.
Thanks, that's a good point. The algorithm should be refined to account
for
Interesting solution but not exactly standard, and will only
work between servers that are running Jive Messenger,
True. However, the nice thing about the logic is that normal DNS is
tried first. We also recommend that users set up DNS for max
compatibility. Even so, the extra logic means
On Thu, 22 Sep 2005 22:53:20 +0200, JD Conley [EMAIL PROTECTED]
wrote:
This is bad engineering i.t.o. creating undesirable impact on the
broader
Internet.
What is the undesirable impact? Sure, there are a few more DNS lookups
and potentially more connections and some stream errors. That