El Tue, 19 Dec 2017 10:23:32 +0100
Manuel Mely <mm...@mmely.de> escribió:
> Supongo que los tiros andan por aquí [1]
>
> A compliant client implementation MUST support both TLS and SASL for
> connections to a server.
>
> The TLS protocol for encrypting XML streams (defined under Use of
> TLS) provides a reliable mechanism for helping to ensure the
> confidentiality and data integrity of data exchanged between two
> entities.
>
> The SASL protocol for authenticating XML streams (defined under Use
> of SASL) provides a reliable mechanism for validating that a client
> connecting to a server is who it claims to be.
>
> Client-to-server communications MUST NOT proceed until the DNS
> hostname asserted by the server has been resolved. Such resolutions
> SHOULD first attempt to resolve the hostname using an [SRV] Service
> of "xmpp-client" and Proto of "tcp", resulting in resource records
> such as "_xmpp-client._tcp.example.com." (the use of the string
> "xmpp-client" for the service identifier is consistent with the IANA
> registration). If the SRV lookup fails, the fallback is a normal
> IPv4/IPv6 address record resolution to determine the IP address,
> using the "xmpp-client" port 5222, registered with the IANA.
>
> The IP address and method of access of clients MUST NOT be made
> public by a server, nor are any connections other than the original
> server connection required. This helps to protect the client's server
> from direct attack or identification by third parties.
>
> 1- https://xmpp.org/rfcs/rfc3920.html
>
Se agradece la explicacion, ingles o no, la cosa es que Fumero no tiene
el control del dns y lo necesita. Primer paso, tener el control,
segundo paso poner el record srv, creeme Fumero que lo demas es
trivial, solo que tengan visibilidad entre esos dos jabber.
______________________________________________________________________
Lista de correos del Grupo de Usuarios de Tecnologías Libres de Cuba.
Gutl-l@jovenclub.cu
https://listas.jovenclub.cu/cgi-bin/mailman/listinfo/gutl-l