-
Guus
RFC 6120 Section 8.1.1.2, point 2 defines that the 'to' attribute's domain-part must match a validated domain of the receiving server. Does this exclude usages of a server acting as a gateway to another domain?
-
MattJ
No, because the gateway would accept the target domain?
-
Kev
If you're going to do relaying, you need the relaying server to be able to authenticate itself as the receiving server to the sending server.
-
Kev
(Or settings in the sending server to override authentication such that it does)
-
Guus
Kev: what do you mean by the latter? Sounds like simply ignoring the authenticated domain on the sending server?
-
Kev
In M-Link you can say, roughly, "When you want to send to guus.example, make an s2s connection to trunking.example" and it'll accept a certificate for trunking.example when authenticating guus.example.
-
Guus
ack.
-
Guus
Thanks
-
Kev
(trunking.example then makes its own S2S connection to guus.example, claiming to be sender.example, which it has to authenticate, in order to do the relaying, so guus.example then has to trust trunking.example as sender.example)
-
Kev
XMPP Trunking (as Steve likes to call it, and I don't have a better name) gets quite complicated quite quickly with auth.