On 4/14/11 10:12 PM, Philipp Hancke wrote:
> Peter Saint-Andre wrote:
> [...]
>>> I do not see any conflicts. As noted on the XMPPWG list, DNA actually
>>> requires support for dialback errors, but otherwise I do not see why it
>>> would not work as described.
>>
>> So, in DNA, if a DNSSEC-based verification doesn't work out, the
>> Authoritative Server returns an error, not "invalid"?
>
> The Authoritative Server (in the dialback sense) is not involved - there
> is no dial-back.
>
> [...]
>
>>>>> If it never uses dial-back, why should the receiving server send
>>>>> 'invalid' instead of 'error'?
>>>>
>>>> Could you clarify that scenario?
>>>
>>> The receiving server will only "forward" invalid, never generate it
>>> itself.
>>
>> Hmm, yes.
>
> I just noticed that the current DNA draft does not use 'invalid' in this
> way:
>> If there are no DNSSEC records or the
>> signature is not valid, then the server rejects the request to send
>> stanzas from that domain. [...]
>> R: <db:result type='invalid' from='sender.tld' to='target.tld' />
>
> I think using a dialback error (possibly <not-authorized/>) is more
> appropriate in that situation.

Right, thus my confusion.

Peter

--
Peter Saint-Andre
https://stpeter.im/