fre jun 26 16:45:56 2015 GMT+0200 skrev Peter Saint-Andre - &yet: > >> Sure, you need to do the SRV two-step. > > > > I'm not sure I understand completely, then. Are you proposing that the > > target of the SRV record is the XMPP host (and thus ignore the port?)? > > I'm not sure I understand completely either. :-) > > We'll probably do something like this: > > _xmpp-client._tcp.talky.io. 400 IN SRV 20 0 5222 auth.talky.io > _xmpp-guest._tcp.talky.io. 400 IN SRV 20 0 5222 anon.talky.io > > Naturally the ports might not be 5222 and such, but the general idea is > that we want to point guest users at a different auth service. By "SRV > two-step" I mean that the client would still need to resolve > auth.talky.io or anon.talky.io in the normal ways (we're not necessarily > going to point directly to what in draft-ietf-dane-srv we called the > "connection endpoint").
Surely there must be something more appropriate? Eg PTR or such. Or you might advertise something in-band. Or why not advertise SASL ANONYMOUS and bind then in a different host? So that you connect to example.com but are given a jid on anon.example.com during resource binding. -- Kin Alvefur
