1
0
mirror of https://github.com/moparisthebest/xeps synced 2024-11-21 08:45:04 -05:00

Merge branch 'master' of athena.jabber.org:xmpp

This commit is contained in:
stpeter 2012-03-06 09:15:58 -07:00
commit 8e5a233f75
2 changed files with 19 additions and 8 deletions

View File

@ -397,7 +397,7 @@ send: <db:verify
<error type='cancel'>
<item-not-found xmlns='urn:ietf:params:xml:ns:xmpp-stanzas'/>
</error>
</db:result>
</db:verify>
]]></example>
<p>Upon receiving this &lt;db:verify/&gt; element, the Authoritative Server determines the validity of the dialback key provided in the XML character data of the element. This can be achieved for example by comparing the character data with the output of applying the same key generation mechanism that was (presumably) used for the generation of the key, using as input the values of the 'from', 'to', and 'id' attributes contained in the verification request and the secret known only to the Sender Domain:</p>
<code>

View File

@ -33,6 +33,15 @@
<email>dave.cridland@isode.com</email>
<jid>dave.cridland@isode.com</jid>
</author>
<revision>
<version>0.3</version>
<date>2012-02-22</date>
<initials>ph</initials>
<remark>
<p>Fixed wrong from/to in example comment.</p><!-- Torje -->
<p>Required support for dialback error handling if the connecting server uses bidi in combination with dialback</p>
</remark>
</revision>
<revision>
<version>0.2</version>
<date>2011-12-12</date>
@ -88,7 +97,7 @@ C: <bidi xmlns='urn:xmpp:bidi'/>
<p>Note: Since there is no reply to the request, it is possible to pipeline it.</p>
<p>After enabling bidirectionality, the connecting server continues to authenticate via SASL or requests to send stanzas for a domain pair with Server Dialback. The receiving server MUST NOT send stanzas to the peer before it has authenticated via SASL, or the peer's identity has been verified via Server Dialback. Note that the receiving server MUST NOT attempt to verify a dialback key on the same connection where the corresponding request was issued.</p>
<p>Also note that the receiving server MUST only send stanzas for which it has been authenticated - in the case of TLS/SASL based authentication, this is the value of the stream's 'to' attribute, whereas in the case of Server Dialback this is the inverse of any domain pair that has been used in a dialback request.</p>
<p>Finally, once bidirectionality is enabled, the receiving server MAY initiate Server Dialback authentications for other domains it hosts to any domain authenticated to be hosted by the connecting server. In particular, it may initiate Target Piggybacking for any target domain that has successfully been used as a source domain by the connecting server.</p>
<p>Finally, once bidirectionality is enabled, the receiving server MAY initiate Server Dialback authentications for other domains it hosts to any domain authenticated to be hosted by the connecting server. In particular, it may initiate Target Piggybacking for any target domain that has successfully been used as a source domain by the connecting server. Note that this implies that a connecting server that uses bidi and dialback MUST support dialback error conditions as defined in XEP 0220<note>Ideally, support for dialback errors would be signalled by a proper extension mechanism such as &lt;stream:features/&gt;. However, these are currently only sent from the receiving server to the connecting server and can therefore not be used for signalling support for dialback errors in the other direction.</note>.</p>
</section2>
</section1>
<section1 topic='Examples' anchor='examples'>
@ -135,8 +144,8 @@ S: <stream:stream xmlns='jabber:server' xmlns:db='jabber:server:dialback'
id='b5cd769b1dc292c6f6557fe76cabc4d112333f9a'
from='montague.lit' to='capulet.lit' version='1.0'>
S: <stream:features/>
<!-- At this point, S is allowed to send C stanzas from capulet.lit
since that is the value of 'to' in the stream open sent by C above.
<!-- At this point, S is allowed to send C stanzas from montague.lit to capulet.lit
since that is the value of 'from' in the stream open sent by C above.
-->
C: <iq from='juliet@capulet.lit/balcony' to='montague.lit' type='get'
id='8dfc70af'><query xmlns='urn:xmpp:ping'/></iq>
@ -174,9 +183,9 @@ S: <stream:features>
C: <bidi xmlns='urn:xmpp:bidi'/>
<db:result from='capulet.lit' to='montague.lit'>
e3f5cf21f12749ef2cf59269bc0118f35bc46b26</db:result>
<!-- At this point S may send from capulet.lit.
-->
S: <db:result from='montague.lit' to='capulet.lit' type='valid'/>
<!-- At this point S may send from montague.lit to capulet.lit.
-->
C: <iq from='juliet@capulet.lit/balcony' to='montague.lit' type='get'
id='8dfc70af'><query xmlns='urn:xmpp:ping'/></iq>
S: <iq from='montague.lit' to='juliet@capulet.lit/balcony' type='result'
@ -184,7 +193,9 @@ S: <iq from='montague.lit' to='juliet@capulet.lit/balcony' type='result'
S: <db:result from='conference.montague.lit' to='capulet.lit'>
1bac3ef56fed987cfe098c9785c654a5476ed765</db:result>
<!-- The above is also legal - S attempts to authenticate as
a different domain as well, presumably a MUC domain
a different domain as well, presumably a MUC domain.
note that S can do this form of multiplexing regardless
of the support for dialback errors since that was required by RFC 3920
-->
C: <db:result from='capulet.lit' to='conference.montague.lit' type='valid'/>
<!-- Now S can send as conference.m.l as well as C sending to that domain.
@ -215,6 +226,6 @@ C: <db:result from='capulet.lit' to='conference.montague.lit' type='valid'/>
<p>This document requires no interaction with &IANA;.</p>
</section1>
<section1 topic='Acknowledgements' anchor='ack'>
<p>Thanks to Justin Karneges.</p>
<p>Thanks to Justin Karneges and Torje Henriksen.</p>
</section1>
</xep>