Alexeach message comes twice here with the latest Psi version
luca tagliaferrihas joined
Zashstpeter, I've looked at DANE and DNA and stuff. It seems to be all about a client verifying a server that it's connecting to. Do you know if anyone tried dealing with the case where a server wants to auth an incoming client connection? I found some thread on the dane list, but it didn't lead anywhere.
stpeterZash: by "auth an incoming client connection" do you mean using SASL EXTERNAL and client certificates?
ZashFor s2s connections mainly
stpeterah, for s2s
stpeterI added a bit of text about that to RFC 6125 IIRC, or maybe it just ended up in RFC 6120
Zashin relation to DANE?
stpeterbecause DANE didn't exist back then :)
stpeterbasically, in s2s each server would handle things mostly in the same way, because the connection needs to be validated in each direction -- hold for URL about some more specific text
ZashThe undefined bit seems to be where to look for a TLSA record when you have an incomming connection