I am considering building a Jabber hosting service where users can
have accounts under their own domain names. It's kind of like
Dreamhost's Jabber service, except that my service will not have web
hosting or email :-).
The XMPP spec does not accommodate some of the things that I'd like to
do. At
In a message dated Thursday 15 September 2005 10:02, Steven Peterson wrote:
I am considering building a Jabber hosting service where users can
have accounts under their own domain names. It's kind of like
Dreamhost's Jabber service, except that my service will not have web
hosting or email :-).
On Wednesday 14 September 2005 11:02 pm, Steven Peterson wrote:
Server dialback will work for my service, but the XMPP spec says that
dialback is documented for backward-compatibility only. Is dialback
disappearing, or is it still in active use? I know the open source
servers support dialback.
1) DNS and s2s
My users' domain name will most likely resolve to a web host and not
to my service.
The authors of the XMPP spec anticipated this scenario by specifying
the use of SRV records to find the XMPP server for a domain. That's
all fine and dandy, except that I have not seen a DNS host
2) TLS and s2s
My users will not have certs for their domains, and even if they did,
I wouldn't want to be responsible for keeping their private keys
secret. TLS is not an option for my service.
Why not? You might think about obtaining cacert certs during
provisioning as a part of your
The forced host name is not relevant to TLS, just like the IP address
that it resolves to. All that matters is the desired Jabber domain. Users
have a bad enough time trying to determine whether or not something is
secure, and adding further rules/exceptions would only make it worse.
The
On Thursday 15 September 2005 04:56 pm, Steven Peterson wrote:
The forced host name is not relevant to TLS, just like the IP address
that it resolves to. All that matters is the desired Jabber domain.
Users have a bad enough time trying to determine whether or not something
is secure,
2) TLS and s2s
My users will not have certs for their domains, and even if they did,
I wouldn't want to be responsible for keeping their private keys
secret. TLS is not an option for my service.
Why not? You might think about obtaining cacert certs during
provisioning as a part of your