Matt Miller wrote: [...]
[1] Dave Cridland - "Dialback. Now without Dialback"<http://blog.dave.cridland.net/?p=116>
If you re-read that carefully (neither Dave nor I understood the full implications of that, see XEP-0288 0.2 for some more hints) you might notice that this "dialback" is used as a framework.
It works differently from your approach, like this (client is the s2s TLS client, server the s2s TLS server):
1) client: I would like to send stanzas from montague.lit to denmark.lit
2) server checks that it is hosting denmark.lit and checks (by any means available, with the lowest possible proof being certificate equality)
3) server notifies client that it can start sending (or not).
The advantage is that this is reusing what currently works: dialback (assuming that you have TLS on all connections you can replace the XEP-0185 stuff with certificate equality and skip <db:verify/> at all), multiplexing and bidi. It even enables us to get rid of what does not work (SASL EXTERNAL). It is limited in the sense that it does not allow any in-band challenge/response.
Depends on a good specification of dialback though :-p

philipp
--
<http://goo.gl/voEzk>
Note Well: Messages sent to this mailing list are the opinions of the senders and do not imply endorsement by the IETF.
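The three-step flow sketched in the message above, as an added Python example that is not from the thread or from any XMPP server implementation: the receiving side accepts the peer's claim on certificate equality (no <db:verify/> at all) and only falls back to an XEP-0185-style key check when the TLS certificate does not cover the claimed domain. The `SECRETS` table, the `authoritative_check` callback (a stand-in for the real <db:verify/> round trip), the stream id and the domain names are constructed assumptions.

```python
import hashlib
import hmac
import xml.etree.ElementTree as ET

DB_NS = "jabber:server:dialback"
ET.register_namespace("db", DB_NS)
SECRETS = {"montague.lit": b"constructed-montague-secret"}  # constructed; only the origin's own server knows it

def dialback_key(secret, receiving, originating, stream_id):
    """XEP-0185 key: HMAC-SHA256 keyed with SHA256(secret) over 'receiving originating stream-id'."""
    msg = f"{receiving} {originating} {stream_id}".encode()
    return hmac.new(hashlib.sha256(secret).digest(), msg, hashlib.sha256).hexdigest()

def db_result(originating, receiving, key):
    """Step 1: the s2s client asks to send stanzas from `originating` to `receiving`."""
    return f"<db:result xmlns:db='{DB_NS}' from='{originating}' to='{receiving}'>{key}</db:result>"

def authoritative_check(originating, receiving, stream_id):
    """Constructed stand-in for the <db:verify/> round trip to the originating domain's server."""
    secret = SECRETS.get(originating)
    return None if secret is None else dialback_key(secret, receiving, originating, stream_id)

class ReceivingServer:
    """The s2s TLS server side: decides whether the peer may send stanzas for a domain."""
    def __init__(self, hosted, stream_id):
        self.hosted, self.stream_id, self.verify_calls = set(hosted), stream_id, 0

    def handle_result(self, stanza, peer_cert_domains):
        elem = ET.fromstring(stanza)
        origin, target = elem.get("from"), elem.get("to")
        reply = ET.Element(f"{{{DB_NS}}}result", {"from": target, "to": origin})
        if elem.tag != f"{{{DB_NS}}}result" or target not in self.hosted:  # step 2: do we host 'to'?
            reply.set("type", "error")
            err = ET.SubElement(reply, "error", {"type": "cancel"})
            ET.SubElement(err, "{urn:ietf:params:xml:ns:xmpp-stanzas}item-not-found")
        elif origin in peer_cert_domains:  # lowest acceptable proof: certificate equality
            reply.set("type", "valid")     # <db:verify/> is skipped entirely
        else:                              # no usable certificate: fall back to key verification
            self.verify_calls += 1
            expected = authoritative_check(origin, target, self.stream_id)
            ok = expected is not None and hmac.compare_digest(expected, elem.text or "")
            reply.set("type", "valid" if ok else "invalid")
        return ET.tostring(reply, encoding="unicode")  # step 3: tell the client

def reply_type(reply_xml):
    """Convenience accessor for the decision carried in the server's reply."""
    return ET.fromstring(reply_xml).get("type")
```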