Clarification

Clarified to avoid reliance on insecure DNS queries for determination of hostname
This commit is contained in:
mvisode 2017-03-03 14:31:39 +00:00 committed by Sam Whited
parent 4fe2bbe25c
commit aa96595b05
1 changed files with 1 additions and 1 deletions

View File

@ -88,7 +88,7 @@
<p>An XMPP client will initiate a connection to the XMPP server.</p>
<p>The XMPP server will communicate its hostname in a child element of the &lt;mechanisms/&gt; element during SASL negotation, as allowed by <cite>RFC 6120</cite> (see Section 6.3.5 and the schema for the 'urn:ietf:params:xml:ns:xmpp-sasl' namespace in Appendix A.4).</p>
<p>This child element is &lt;hostname/&gt; qualified by the 'urn:xmpp:domain-based-name:1' namespace. &NSNOTE;.</p>
<p>The XML character data of the &lt;hostname/&gt; element specifies the fully-qualified name of the XMPP server. This should be used for constructing the Kerberos principal name and is independent of the usual rules that an XMPP client uses for establishing a network connection to the XMPP server.</p>
<p>The XML character data of the &lt;hostname/&gt; element specifies the fully-qualified name of the XMPP server. This should be used for constructing the Kerberos principal name and is independent of the usual rules that an XMPP client uses for establishing a network connection to the XMPP server which may use insecure DNS queries (also see &rfc4120;).</p>
</section1>
<section1 topic='Kerberos Principal Name in the GSS-API environment' anchor='principal'>