XSF Discussion - 2012-08-29

  1. Jef has left

  2. Jef has joined

  3. Jef has left

  4. Alex


  5. Alex

    oops, sorry

  6. Alex

    each message comes twice here with the latest Psi version

  7. Alex has left

  8. Kev has joined

  9. Alex has left

  10. luca tagliaferri has joined

  11. Zash has joined

  12. Jef has joined

  13. Jef has left

  14. Jef has joined

  15. Alex has left

  16. Alex has left

  17. stpeter has joined

  18. Zash

    stpeter, I've looked at DANE and DNA and stuff. It seems to be all about a client verifying a server that it's connecting to. Do you know if anyone tried dealing with the case where a server wants to auth an incoming client connection? I found some thread on the dane list, but it didn't lead anywhere.

  19. stpeter

    Zash: by "auth an incoming client connection" do you mean using SASL EXTERNAL and client certificates?

  20. Zash


  21. Zash

    For s2s connections mainly

  22. stpeter

    ah, for s2s

  23. stpeter

    I added a bit of text about that to RFC 6125 IIRC, or maybe it just ended up in RFC 6120

  24. Zash

    in relation to DANE?

  25. stpeter


  26. stpeter

    because DANE didn't exist back then :)

  27. Zash


  28. stpeter

    basically, in s2s each server would handle things mostly in the same way, because the connection needs to be validated in each direction -- hold for URL about some more specific text

  29. Zash

    The undefined bit seems to be where to look for a TLSA record when you have an incoming connection

  30. stpeter


  31. stpeter

    Zash: right

  32. stpeter

    Zash: Jeff Hodges and I need to update RFC 6125 to incorporate the thinking from DANE, but it was such a lot of work the first time around that we don't want to open the can of worms again

  33. luca tagliaferri has left

  34. Jef has left

  35. Jef has joined

  36. Zash has joined

  37. stpeter has left

  38. Jef has left

  39. Neustradamus has left

  40. Jef has joined

  41. Neustradamus has joined