each message comes twice here with the latest Psi version
Alex has left
Kev has joined
Alex has left
luca tagliaferri has joined
Zash has joined
Jef has joined
Jef has left
Jef has joined
Alex has left
Alex has left
stpeter has joined
Zash
stpeter, I've looked at DANE and DNA and stuff. It seems to be all about a client verifying a server that it's connecting to. Do you know if anyone tried dealing with the case where a server wants to auth an incoming client connection? I found some thread on the dane list, but it didn't lead anywhere.
stpeter
Zash: by "auth an incoming client connection" do you mean using SASL EXTERNAL and client certificates?
Zash
Yes
Zash
For s2s connections mainly
stpeter
ah, for s2s
stpeter
I added a bit of text about that to RFC 6125 IIRC, or maybe it just ended up in RFC 6120
Zash
in relation to DANE?
stpeter
no
stpeter
because DANE didn't exist back then :)
Zash
Right
stpeter
basically, in s2s each server would handle things mostly in the same way, because the connection needs to be validated in each direction -- hold for URL about some more specific text
Zash
The undefined bit seems to be where to look for a TLSA record when you have an incoming connection
Zash: Jeff Hodges and I need to update RFC 6125 to incorporate the thinking from DANE, but it was such a lot of work the first time around that we don't want to open the can of worms again