Peter Saint-Andre wrote:
> I'd like some feedback from server developers.

Federation levels:
I don't think that federation level 3 should be called 'secure
federation'. TLS only provides protection against passive eavesdropping
here. Nice to have, but I would not call that 'secure'.

The level definition should include the behaviour of a server when
connecting to a remote domain:
* Use DNS to resolve the remote domain and connect (level 2,
  possibly also level 1)
* Use DNS to resolve the remote domain, connect, STARTTLS,
  no certificate validation (level 3)
  IMO you should verify that the certificate contains the expected
  identity, but doing so will not increase security when you accept
  self-signed certs anyway.
* Use DNS to resolve the remote domain, connect, STARTTLS and verify
  the certificate (level 4)


There is another important service type:
Verified Acceptable, CA-issued certificate

> Will it be helpful for me to finish defining these protocol flows?

Do you really want to (re)define 25 (36?) flows?
Some kind of matrix that says if the connection succeeds and what
mechanism is used for verification (connection rejected, dialback,
starttls+dialback, sasl external) would be sufficient.


Another two questions:
Example 13:
verona did not send version=1.0 to capulet. Is capulet supposed to send
stream:features anyway?


Example 25:
remote-server-not-found? Why not remote-connection-failed?

Philipp
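Added example (not part of Philipp's message or of the draft under discussion): the outbound TLS settings a server would use for federation levels 2, 3 and 4 as described above, plus the "certificate contains the expected identity" check, here simplified to dNSName/CN matching. Function names, the level-to-setting mapping and the sample certificate are assumptions made for this illustration.

```python
import ssl
from typing import Optional

# Assumed mapping of the levels discussed above onto TLS client settings:
# level 2: plain TCP, no STARTTLS; level 3: STARTTLS but any certificate
# (including self-signed) is accepted; level 4: chain must build to a
# trusted CA and the presented identity must match the remote domain.
def make_s2s_context(level: int, cafile: Optional[str] = None) -> Optional[ssl.SSLContext]:
    """Return the TLS context a server would use when dialing out to a remote domain."""
    if level <= 2:
        return None  # no STARTTLS at all
    ctx = ssl.create_default_context(cafile=cafile)
    if level == 3:
        # Encrypts the hop but accepts any certificate: this only defends
        # against passive eavesdropping, which is the point made above.
        ctx.check_hostname = False       # must be cleared before CERT_NONE
        ctx.verify_mode = ssl.CERT_NONE
    else:
        ctx.check_hostname = True
        ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


def cert_matches_domain(cert: dict, domain: str) -> bool:
    """Check that a certificate, in the dict form SSLSocket.getpeercert()
    returns, names the remote domain via a DNS subjectAltName, falling back
    to the commonName. Simplified: XMPP identity checking also considers
    SRV-ID and XmppAddr entries, which are not handled here."""
    domain = domain.lower().rstrip(".")
    names = [v.lower() for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if not names:  # CN fallback only when no dNSName entries are present
        for rdn in cert.get("subject", ()):
            for k, v in rdn:
                if k == "commonName":
                    names.append(v.lower())
    for name in names:
        if name == domain:
            return True
        # A single leading wildcard label matches exactly one label.
        if (name.startswith("*.") and name.count(".") == domain.count(".")
                and domain.endswith(name[1:])):
            return True
    return False
```

A level 3 context still negotiates TLS, so the bytes on the wire are encrypted, but because no identity is checked the check function is never reached; only a level 4 context plus this match gives the "verified" property discussed above.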
