On Mon, 25 Apr 2011, XMPP Extensions Editor wrote:
Version 0.9 of XEP-0220 (Server Dialback) has been released.
Abstract: This specification defines the Server Dialback protocol, which is
used between XMPP servers to provide identity verification. Server Dialback
uses the Domain Name System (DNS) as the basis for verifying identity; the
basic approach is that when a receiving server accepts a server-to-server
connection from an originating server, it does not process traffic over the
connection until it has verified a key with an authoritative server for the
domain asserted by the originating server. Although Server Dialback does not
provide strong authentication or trusted federation and although it is subject
to DNS poisoning attacks, it has effectively prevented most instances of
address spoofing on the XMPP network since its development in the year 2000.
Changelog: To reduce the possibility of confusion, harmonized the protocol
sections so that they show only the first dialback negotiation from Originating
Server to Receiving Server. (psa)
Congratulations, you managed not to fix the from/to bugs, despite having a
patch ( http://hancke.name/jabber/ilovelovelovebugsinexamples.patch )
This is ridiculous.
