[ejabberd] s2s & TLS & multiple domains
dot at dotat.at
Tue Jul 17 22:56:24 MSD 2007
On Mon, 16 Jul 2007, Mickaël Rémond wrote:
> This is not needed for ejabberd_s2s_in. The other end does not need perform
> any check on it.
Um, blimey. How does the s2s_out know it has connected to the right server
and isn't being spoofed? I thought the point of all this TLS+SASL EXTERNAL
stuff was secure mutual authentication between servers. Hmm, I see that
XEP 178 doesn't talk about s2s_in's certificate or s2s_out verifying it.
This seems like a catastrophic omission to me.
f.a.n.finch <dot at dotat.at> http://dotat.at/
IRISH SEA: SOUTHERLY, BACKING NORTHEASTERLY FOR A TIME, 3 OR 4. SLIGHT OR
MODERATE. SHOWERS. MODERATE OR GOOD, OCCASIONALLY POOR.
More information about the ejabberd