[ejabberd] s2s & TLS & multiple domains

Tony Finch dot at dotat.at
Tue Jul 17 22:56:24 MSD 2007


On Mon, 16 Jul 2007, Mickaël Rémond wrote:
>
> This is not needed for ejabberd_s2s_in. The other end does not need to perform
> any check on it.

Um, blimey. How does the s2s_out know it has connected to the right server
and isn't being spoofed? I thought the point of all this TLS+SASL EXTERNAL
stuff was secure mutual authentication between servers. Hmm, I see that
XEP 178 doesn't talk about s2s_in's certificate or s2s_out verifying it.
This seems like a catastrophic omission to me.

Tony.
-- 
f.a.n.finch  <dot at dotat.at>  http://dotat.at/
IRISH SEA: SOUTHERLY, BACKING NORTHEASTERLY FOR A TIME, 3 OR 4. SLIGHT OR
MODERATE. SHOWERS. MODERATE OR GOOD, OCCASIONALLY POOR.

