This Last Call has ended. I received some feedback off-list, which I will consolidate and post to the list next week.
XMPP Extensions Editor wrote: > This message constitutes notice of a Last Call for comments on > XEP-0220 (Server Dialback). > > Abstract: This specification defines the Server Dialback protocol, > which is used between XMPP servers to provide identity verification. > Server Dialback uses the Domain Name System (DNS) as the basis for > verifying identity; the basic approach is that when a receiving > server receives a server-to-server connection request from an > originating server, it does not accept the request until it has > verified a key with an authoritative server for the domain asserted > by the originating server. Although Server Dialback does not provide > strong authentication or trusted federation and although it is > subject to DNS poisoning attacks, it has effectively prevented most > instances of address spoofing on the XMPP network since its > development in the year 2000. > > URL: http://www.xmpp.org/extensions/xep-0220.html > > This Last Call begins today and shall end at the close of business on > 2008-11-07. > > Please consider the following questions during this Last Call and > send your feedback to the [email protected] discussion list: > > 1. Is this specification needed to fill gaps in the XMPP protocol > stack or to clarify an existing protocol? 2. Does the specification > solve the problem stated in the introduction and requirements? 3. Do > you plan to implement this specification in your code? If not, why > not? 4. Do you have any security concerns related to this > specification? 5. Is the specification accurate and clearly written? > > Your feedback is appreciated!
