<remark><p>Clarified order of lookups; restored _xmpp-client-tcp and added _xmpp-server-tcp as optional records if SRV is not supported or accessible.</p></remark>
</revision>
<revision>
<version>0.2</version>
<date>2005-12-05</date>
<initials>psa</initials>
<remark><p>Removed _xmpp-client-tcp from TXT records (belongs in SRV records only).</p></remark>
<p>Although &rfc3920; specifies the use of TCP as the method of connecting to an XMPP server, other connection methods are possible. These include the older &xep0025; method, the more recent &xep0124; method, and less common methods such as &wap;. For some of these methods, it is necessary to discover further parameters before connecting, such as the HTTP URL of an alternative connection manager. Currently, if a client application needs to discover connection methods before connecting to an XMPP service, the relevant information must be provided manually by a human user, which is cumbersome and error-prone. Thankfully, there are several potential ways to complete this pre-connection service discovery in an automated fashion:</p>
<li><p>Specify a &w3wsdl; definition (or other XML file format) and a canonical URL for that definition at a domain that offers XMPP services. Unfortunately, this approach requires access to the HTTP server for the domain (and quite possibly to the root directory thereof), which may be difficult for XMPP server administrators to arrange. In addition, it requires a client to retrieve the relevant file via HTTP before performing DNS lookups and XMPP connection; it would be more efficient to use recognized DNS methods since DNS lookups are already required by <cite>RFC 3920</cite>.</p></li>
<li><p>Specify a way to define the required service discovery information as part of the existing DNS SRV records (see &rfc2782;) for a domain that offers XMPP services. While this approach sounds promising, it is not feasible since the DNS SRV Target field can be used only to specify domain names and cannot be used to specify full URIs (such as the URL for an HTTP connection manager).</p></li>
<li><p>Specify a way to define the required service discovery using the "straightforward NAPTR" (S-NAPTR) profile of the Dynamic Delegation Discovery System (see &rfc3958; and &rfc3401;). Unfortunately, S-NAPTR also does not allow inclusion of full URIs, and thus does not meet the requirements for discovery of XMPP connection methods.</p></li>
<li><p>Specify a way to define the required service discovery using a new profile of the Dynamic Delegation Discovery System, which would be nearly identical to S-NAPTR except that it would specify only one app-service (most likely "xmpp") and allow inclusion of the DDDS "U" flag (see &rfc3404;), so that the output of a DDDS rule could be a URI. While this is a valid approach that is worth pursuing, the authors are concerned about the deployability of such an approach, especially for client-side applications (the main focus of this specification).</p></li>
<li><p>Specify a way to define the required service discovery information via properly-formatted DNS TXT records (see &rfc1464;). While this approach requires an update to the DNS records for the server domain, that is usually necessary in order to establish XMPP services in the first place. Furthermore, although there are some perils to be avoided in the use of DNS TXT records (e.g., wildcards), the technology is well understood and widely deployed (e.g., it is used by the <linkurl='http://www.openspf.org/'>Sender Policy Framework</link> and <linkurl='http://www.microsoft.com/mscorp/safety/technologies/senderid/default.mspx'>SenderID</link> email server verification technologies).</p></li>
<li>The attribute name SHOULD begin with the string "_xmpp-client-" or "_xmpp-server-" and SHOULD be registered as described in the <linkurl='#registrar'>XMPP Registrar Considerations</link> section of this document.</li>
<li>If the txt-data field contains only an attribute name (i.e., no unquoted "=" character followed by additional characters), the receiving application SHOULD interpret it as indicating the presence of the attribute or feature with no defined value.</li>
<li>If the txt-data field contains an unquoted "=" character, it MUST also contain an attribute value.</li>
</ol>
</section1>
<section1topic='Business Rules'anchor='bizrules'>
<p>The following business rules apply:</p>
<ol>
<li>TXT lookups MUST be used only as a fallback after the methods specified in <cite>RFC 3920</cite> have been exhausted.</li>
<li>A domain SHOULD NOT present information in DNS TXT records that is available via the DNS SRV records defined in <cite>RFC 3920</cite>. <note>However, a domain MAY present such information in DNS TXT records if SRV records are not supported or accessible. Any values (e.g., port numbers) presented via SRV records MUST be taken as canonical and MUST supersede values provided via TXT records.</note></li>
<li>The order of DNS TXT records SHOULD NOT be interpreted as significant by the presenting domain or the receiving entity.</li>
<p>The following examples show three DNS TXT resource records: the first indicates support for the httpbind connection method defined in XEP-0124 including the appropriate URL, the second indicates support for the httppoll connection method defined in XEP-0025 including the appropriate URL, and the third indicates support for WAP connections including the appropriate URL.</p>
<p>It is possible that advertisement of connection methods other than the standard TCP connection method may introduce security vulnerabilities, since a connecting entity (usually a client) might deliberately seek to connect using the method with the weakest security mechanisms (e.g., no channel encryption or relatively weak authentication). Care must be taken in determining which connection methods are appropriate to advertise.</p>