On Tue May 13 13:50:14 2008, Dave Cridland wrote:
However, the jabber.org server doesn't know if the connection it
opens to me has been authenticated as conference.jabber.org,
jabber.org, or both; unless it specifies one or the other in the
SASL EXTERNAL negotiation - which of course will only tell it if
I've accepted that identity alone.

Further thought - if it sends dialback to me when I recognise and
accept its certificate, I can reasonably choose to return acceptances
of them without actually dialling back, trusting that given the TLS
certificate, I can assume they work.

This means that the SASL EXTERNAL actually becomes optional, but it
also means that at least TLS is no worse than dialback in terms of
efficiency.

Moreover, it has no way to communicate to me whether or not it
accepts my certificate - so I don't know if I've authenticated, and
therefore I don't know if I can send anything.

I could, of course, send jabber.org dialback requests through the
connection it's opened to me, given that I trust that it's
jabber.org. However, sending dialback requests from the receiver to
the originator is unusual - do people think it'd be safe to do this?

Dave.
--
Dave Cridland - mailto:[EMAIL PROTECTED] - xmpp:[EMAIL PROTECTED]
- acap://acap.dave.cridland.net/byowner/user/dwd/bookmarks/
- http://dave.cridland.net/
Infotrope Polymer - ACAP, IMAP, ESMTP, and Lemonade
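
The shortcut discussed in this message, sketched as an added example (not code from the post or from any XMPP server): a receiver answers each dialback request with `valid` only when the sender domain is one the accepted TLS certificate covers, and records per connection which domains are authorised. The function names, the `receiver.example` and `other.example` domains and the keys are constructed for illustration, and certificate validation is assumed to have been done by the TLS layer.

```python
import xml.etree.ElementTree as ET

DB_NS = "jabber:server:dialback"  # server dialback namespace (XEP-0220)

def handle_db_result(stanza, cert_domains, local_domains):
    """Answer one <db:result/> received over an already-validated TLS stream.
    cert_domains: domains the peer certificate was accepted for (assumed to
    come from the TLS layer; certificate validation is not shown here).
    Returns (action, sender, reply) where action is "accept", "dialback"
    (fall back to ordinary dialback) or "reject".
    """
    try:
        # Wrap so the db: prefix, normally declared on <stream:stream>, resolves.
        root = ET.fromstring(f'<s xmlns:db="{DB_NS}">{stanza}</s>')
    except ET.ParseError:
        return ("reject", None, None)
    el = root.find(f"{{{DB_NS}}}result")
    if el is None or len(root) != 1:
        return ("reject", None, None)
    sender = (el.get("from") or "").lower()
    target = (el.get("to") or "").lower()
    if not sender or target not in local_domains:
        return ("reject", sender or None, None)
    if sender in cert_domains:
        # Certificate already vouches for this domain: skip dialling back.
        reply = f"<db:result from='{target}' to='{sender}' type='valid'/>"
        return ("accept", sender, reply)
    return ("dialback", sender, None)

def authorise_stream(stanzas, cert_domains, local_domains):
    """Track which sender domains this one connection is authorised for."""
    accepted, pending = set(), []
    for stanza in stanzas:
        action, sender, _ = handle_db_result(stanza, cert_domains, local_domains)
        if action == "accept":
            accepted.add(sender)
        elif action == "dialback":
            pending.append(sender)
    return accepted, pending

# Constructed sample: keys and the receiving domain are placeholders.
SAMPLE = [
    "<db:result from='jabber.org' to='receiver.example'>key1</db:result>",
    "<db:result from='conference.jabber.org' to='receiver.example'>key2</db:result>",
    "<db:result from='other.example' to='receiver.example'>key3</db:result>",
]
CERT = {"jabber.org", "conference.jabber.org"}
```

Calling `authorise_stream(SAMPLE, CERT, {"receiver.example"})` accepts the two domains the certificate covers and leaves `other.example` for ordinary dialback.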