On Fri Jun 18 15:08:17 2010, paddy joesoap wrote:
Hi all,
Does XMPP support the idea of restricting certain types of s2s
authentication by IP addresses or DNS names?
No.
For example, I may want to permit SASL External over TLS
communication
with IP addresses, 1.2.3.4 and 5.6.7.8 but will allow IP address
a.b.c.d access via dialback.
However, nothing at all prevents a server from doing that - I don't
think any do right now, but that's no barrier at all. It'd be more
likely to define such authentication requirements in terms of peer
domains, rather than IP addresses.
In some cases, it might even be desirable to have no authentication
other than the session emanates from a known IP address.
Much of what you're discussing is outside the scope of the standards,
and the protocol, and has a lot more to do with what individual
implementors have decided to offer.
Dave.
--
Dave Cridland - mailto:[email protected] - xmpp:[email protected]
- acap://acap.dave.cridland.net/byowner/user/dwd/bookmarks/
- http://dave.cridland.net/
Infotrope Polymer - ACAP, IMAP, ESMTP, and Lemonade
