Philipp Hancke wrote:
> Peter Saint-Andre wrote:
>> I'd like some feedback from server developers.
>
> Federation levels:
> I don't think that federation level 3 should be called 'secure
> federation'. TLS only provides protection against passive eavesdropping
> here. Nice to have, but I would not call that 'secure'.

Yes, "secure" means too many things to too many different people. At the least it is "encrypted federation".

> The level definition should include the behaviour of a server when
> connecting to a remote domain:
> * Use dns to resolve the remote domain and connect (level 2,
>   possibly also level 1)
> * Use dns to resolve the remote domain, connect, starttls,
>   no certificate validation (level 3)
>   imo you should verify that the certificate contains the expected
>   identity, but doing so will not increase security when you accept
>   self-signed certs anyway.
> * Use dns to resolve the remote domain, connect, starttls and verify
>   the certificate (level 4)

Good point.

> There is another important service type:
> Verified Acceptable, CA-issued certificate

Does that make a real difference?

>> Will it be helpful for me to finish defining these protocol flows?
>
> Do you really want to (re)define 25 (36?) flows?

If it helps implementors, yes. Once I get the basic flows defined, it's mostly just a lot of copy-and-paste.

> Some kind of matrix that says if the connection succeeds and what
> mechanism is used for verification (connection rejected, dialback,
> starttls+dialback, sasl external) would be sufficient.
>
>
> Another two questions:
> Example 13:
> verona did not send version=1.0 to capulet. Is capulet supposed to send
> stream:features anyway?

I don't think so, because capulet (now "type3.lit") knows that verona (now "type1.lit") is an XMPP 0.9 server. But there is no active harm in also returning stream features.

> Example 25:
> remote-server-not-found? Why not remote-connection-failed?

Yeah I debated about which error to use. In fact you can see that I got confused between stanza errors and stream errors (I was working in a hurry at the time). So remote-connection-failed is correct here.

Peter

--
Peter Saint-Andre
https://stpeter.im/
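The outbound behaviour listed per federation level in the quoted text above, as an added example that is not code from this thread or from any XMPP server. The names `OutboundPolicy`, `POLICIES`, `tls_context` and `describe` are hypothetical, and treating level 1 like level 2 is an assumption based on the "possibly" in the list.

```python
import ssl
from typing import NamedTuple, Optional


class OutboundPolicy(NamedTuple):
    starttls: bool      # negotiate STARTTLS after connecting
    verify_cert: bool   # validate the chain and the expected identity


# Hypothetical mapping of the levels in the quoted list; every level
# starts with a DNS lookup of the remote domain and a TCP connect.
POLICIES = {
    1: OutboundPolicy(starttls=False, verify_cert=False),  # "possibly" like 2
    2: OutboundPolicy(starttls=False, verify_cert=False),
    3: OutboundPolicy(starttls=True, verify_cert=False),
    4: OutboundPolicy(starttls=True, verify_cert=True),
}


def tls_context(level: int) -> Optional[ssl.SSLContext]:
    """Return the client-side TLS context for a level, or None if no TLS."""
    policy = POLICIES[level]
    if not policy.starttls:
        return None
    # Default context: CERT_REQUIRED plus hostname (identity) checking.
    ctx = ssl.create_default_context()
    if not policy.verify_cert:
        # Level 3: encrypt only. check_hostname must be cleared first,
        # otherwise setting CERT_NONE raises ValueError.
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    return ctx


def describe(level: int) -> dict:
    """Summarise what a connection at this level does and does not check."""
    ctx = tls_context(level)
    if ctx is None:
        return {"encrypted": False, "verify_mode": None, "identity_checked": False}
    return {
        "encrypted": True,
        "verify_mode": ctx.verify_mode.name,
        "identity_checked": ctx.check_hostname,
    }


if __name__ == "__main__":
    for lvl in sorted(POLICIES):
        print(lvl, describe(lvl))
```

The level 3 context accepts whatever certificate the peer presents, which is why it only covers the passive-eavesdropping case raised in the quoted text; level 4 keeps the default chain and identity checks.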
