On Tue Mar 10 21:40:41 2009, Jiří Zárevúcký wrote:
2009/3/10 Kurt Zeilenga <[email protected]>:
>
> Also, the Security Considerations should note that it might not be
> appropriate for the server to disclose the IP address it
associates with the
> client to the client (such as when the server is behind a NAT).
>
I don't think this could pose any problem. Even if the server itself
is behind a NAT, it still sees the public IP of the client (most
probably it's ISP's router).
Not always true, in some configurations the connection's address
might be an internal one, and the server might not be able to
detirmine the real originating address. I agree this is rare, but it
might well happen in cases such as IPv4/IPv6 translation in
particular (such as when the internal network is IPv6 only, and the
remote connection is IPv4).
It's really not clear what such an answer would mean to the client in
practical terms.
Similar cases exist when the client is accessing the server
indirectly, via filtering proxies on the edge - XMPP doesn't talk
about these, but they exist in military environments. However, in
this case, the information would be known to be useless a priori, so
one assumes the server would be configured not to advertise or
respond to this feature.
Dave.
--
Dave Cridland - mailto:[email protected] - xmpp:[email protected]
- acap://acap.dave.cridland.net/byowner/user/dwd/bookmarks/
- http://dave.cridland.net/
Infotrope Polymer - ACAP, IMAP, ESMTP, and Lemonade
