XSF Discussion - 2012-08-29

  1. Jef has left
  2. Jef has joined
  3. Jef has left
  4. Alex mail
  5. Alex oops, sorry
  6. Alex each message comes twice here with the latest Psi version
  7. Alex has left
  8. Kev has joined
  9. Alex has left
  10. luca tagliaferri has joined
  11. Zash has joined
  12. Jef has joined
  13. Jef has left
  14. Jef has joined
  15. Alex has left
  16. Alex has left
  17. stpeter has joined
  18. Zash stpeter, I've looked at DANE and DNA and stuff. It seems to be all about a client verifying a server that it's connecting to. Do you know if anyone tried dealing with the case where a server wants to auth an incoming client connection? I found some thread on the dane list, but it didn't lead anywhere.
  19. stpeter Zash: by "auth an incoming client connection" do you mean using SASL EXTERNAL and client certificates?
  20. Zash Yes
  21. Zash For s2s connections mainly
  22. stpeter ah, for s2s
  23. stpeter I added a bit of text about that to RFC 6125 IIRC, or maybe it just ended up in RFC 6120
  24. Zash in relation to DANE?
  25. stpeter no
  26. stpeter because DANE didn't exist back then :)
  27. Zash Right
  28. stpeter basically, in s2s each server would handle things mostly in the same way, because the connection needs to be validated in each direction -- hold for URL about some more specific text
  29. Zash The undefined bit seems to be where to look for a TLSA record when you have an incoming connection
  30. stpeter http://xmpp.org/rfcs/rfc6120.html#security-certificates-validation-server
  31. stpeter Zash: right
  32. stpeter Zash: Jeff Hodges and I need to update RFC 6125 to incorporate the thinking from DANE, but it was such a lot of work the first time around that we don't want to open the can of worms again
  33. luca tagliaferri has left
  34. Jef has left
  35. Jef has joined
  36. Zash has joined
  37. stpeter has left
  38. Jef has left
  39. Neustradamus has left
  40. Jef has joined
  41. Neustradamus has joined