Hello there, I have some questions about RFC7673 (DANE SRV) from the perspective of XMPP. Especially because XMPP is used as an example in the document, there is an implication that *both* of TLS SNI *and* <stream to="..."> are meant to be the same and each set to the SRV target name (hostname) rather than the SRV lookup name (service name). However, actually doing so would only work in one case, where the service name and hostname happen to be the same, such as if SRV is only being used to specify a port number for direct TLS.

In any other case it would be necessary (and in line with all existing practice) to send SNI and <stream to="..."> for the service name and not the host name, so that the XMPP server can know what service is being talked about, what users are valid, etc. Of course, I think since rfc7673 is "generic advice" we could override this specifically for XMPP without too much trouble, but it's a bit extra awkward because the RFC uses us as an example, so I'm looking for clarity on why it suggests what it does.

Thank you,


_______________________________________________
dane mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dane
