From aa96595b05b399f8b3eca080781886b63ce54593 Mon Sep 17 00:00:00 2001
From: mvisode <mili.verma@isode.com>
Date: Fri, 3 Mar 2017 14:31:39 +0000
Subject: [PATCH] Clarification

Clarified to avoid reliance on insecure DNS queries for determination of hostname
---
 xep-0233.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/xep-0233.xml b/xep-0233.xml
index db955815..0e1943da 100644
--- a/xep-0233.xml
+++ b/xep-0233.xml
@@ -88,7 +88,7 @@
   <p>An XMPP client will initiate a connection to the XMPP server.</p>
   <p>The XMPP server will communicate its hostname in a child element of the &lt;mechanisms/&gt; element during SASL negotation, as allowed by <cite>RFC 6120</cite> (see Section 6.3.5 and the schema for the 'urn:ietf:params:xml:ns:xmpp-sasl' namespace in Appendix A.4).</p>
   <p>This child element is &lt;hostname/&gt; qualified by the 'urn:xmpp:domain-based-name:1' namespace. &NSNOTE;.</p>
-  <p>The XML character data of the &lt;hostname/&gt; element specifies the fully-qualified name of the XMPP server. This should be used for constructing the Kerberos principal name and is independent of the usual rules that an XMPP client uses for establishing a network connection to the XMPP server.</p>
+  <p>The XML character data of the &lt;hostname/&gt; element specifies the fully-qualified name of the XMPP server. This should be used for constructing the Kerberos principal name and is independent of the usual rules that an XMPP client uses for establishing a network connection to the XMPP server which may use insecure DNS queries (also see &rfc4120;).</p>
 </section1>
 
 <section1 topic='Kerberos Principal Name in the GSS-API environment' anchor='principal'>