XSF Discussion - 2022-06-30


  1. Guus

    RFC 6120 Section 8.1.1.2, point 2 defines that the 'to' attributes domain-part must match a validated domain of the receiving server. Does this exclude usages of a server acting as a gateway to another domain?

  2. MattJ

    No, because the gateway would accept the target domain?

  3. Kev

    If you're going to do relaying, you need the relaying server to be able to authenticate itself as the receiving server to the sending server.

  4. Kev

    (Or settings in the sending server to override authentication such that it does)

  5. Guus

    Kev: what do you mean by the latter? Sounds like simply ignoring the authenticated domain on the sending server?

  6. Kev

    In M-Link you can say, roughly, "When you want to send to guus.example, make an s2s connection to trunking.example" and it'll accept a certificate for trunking.example when authenticating guus.example.

  7. Guus

    ack.

  8. Guus

    Thanks

  9. Kev

    (trunking.example then makes its own S2S connection to guus.example, claiming to be sender.example, which it has to authenticate, in order to do the relaying, so guus.example then has to trust trunking.example as sender.example)

  10. Kev

    XMPP Trunking (as Steve likes to call it, and I don't have a better name) gets quite complicated quite quickly with auth.