On Tue, 16 Apr 2013, XMPP Extensions Editor wrote:
This message constitutes notice of a Last Call for comments on XEP-0220 (Server
Dialback).
Abstract: This specification defines the Server Dialback protocol, which is
used between XMPP servers to provide identity verification. Server Dialback
uses the Domain Name System (DNS) as the basis for verifying identity; the
basic approach is that when a receiving server accepts a server-to-server
connection from an initiating server, it does not process traffic over the
connection until it has verified the initiating server's key with an
authoritative server for the domain asserted by the initiating server.
Additionally, the protocol is used to negotiate whether the receiving server
is accepting stanzas for the target domain. Although Server Dialback does not
provide strong authentication and it is subject to DNS poisoning attacks, it
has effectively prevented address spoofing on the XMPP network since its
development in the year 2000.
URL: http://xmpp.org/extensions/xep-0220.html
This Last Call begins today and shall end at the close of business on
2013-05-10.
Please consider the following questions during this Last Call and send your
feedback to the [email protected] discussion list:
1. Is this specification needed to fill gaps in the XMPP protocol stack or to
clarify an existing protocol?
2. Does the specification solve the problem stated in the introduction and
requirements?
3. Do you plan to implement this specification in your code? If not, why not?
4. Do you have any security concerns related to this specification?
5. Is the specification accurate and clearly written?
Your feedback is appreciated!
Digging out my print copy I found some notes regarding stream compression
and session management in 2.1.1 (after example 3).
Have we resolved
http://mail.jabber.org/pipermail/standards/2012-May/025999.html
and
http://mail.jabber.org/pipermail/standards/2012-May/025998.html
?