I wonder how practical it would be to allow a third-party to send a stanza using a "from" domain that is already controlled by an existing server.
I imagine a flow going something like this: S1 = official server (owner of domain) T1 = third party server (the one sending the stanza) S2 = target server (the one receiving the stanza) 1) T1 handshakes with S2, claiming to be S1 and providing dialback key. 2) S2 dialbacks to S1, presenting dialback key for verification. 3) S1 replies with success, vouching for the key provided by T1. 4) T1 sends stanza to S2 using JID with domain @S1. The challenge with allowing a third-party to do this is the need for both S1 and T1 to understand the same dialback key scheme, which may involve sharing data or sharing a secret key and algorithm. Has anyone considered a standard approach for this? One situation I could see this being useful is if you wanted to delegate the task of sending a lot of pubsub notification events to a third party server. However, there is still one problem with this offloading idea which is that all the dialback requests would still blast S1 to hell. Justin
