Mercurial > prosody-wiki

annotate mod_s2s_auth_dane.wiki @ 435:fae8b0661edf

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Add info about _xmpp-server IN TLSA
author Kim Alvefur <zash@zash.se>
date Mon, 10 Mar 2014 16:08:19 +0100
parents 31cf9ab1d440
children 6e91b7ab36c1
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
417
880259dc82a8 DANE \o/
Kim Alvefur <zash@zash.se>
parents:
diff changeset
1 #summary S2S authentication using DANE
880259dc82a8 DANE \o/
Kim Alvefur <zash@zash.se>
parents:
diff changeset
2 #labels Stage-Alpha, Type-S2SAuth
880259dc82a8 DANE \o/
Kim Alvefur <zash@zash.se>
parents:
diff changeset
3
880259dc82a8 DANE \o/
Kim Alvefur <zash@zash.se>
parents:
diff changeset
4 = Introduction =
880259dc82a8 DANE \o/
Kim Alvefur <zash@zash.se>
parents:
diff changeset
5
880259dc82a8 DANE \o/
Kim Alvefur <zash@zash.se>
parents:
diff changeset
6 This module implements DANE as described in
880259dc82a8 DANE \o/
Kim Alvefur <zash@zash.se>
parents:
diff changeset
7 [http://tools.ietf.org/html/draft-miller-xmpp-dnssec-prooftype Using DNS Security Extensions (DNSSEC) and DNS-based Authentication of Named Entities (DANE) as a Prooftype for XMPP Domain Name Associations].
880259dc82a8 DANE \o/
Kim Alvefur <zash@zash.se>
parents:
diff changeset
8
880259dc82a8 DANE \o/
Kim Alvefur <zash@zash.se>
parents:
diff changeset
9 However it covers only outgoing server-to-server connections.
880259dc82a8 DANE \o/
Kim Alvefur <zash@zash.se>
parents:
diff changeset
10
435
fae8b0661edf Add info about _xmpp-server IN TLSA
Kim Alvefur <zash@zash.se>
parents: 418
diff changeset
11 For incoming connections, an experimental method is used, but requires another TLSA record.
fae8b0661edf Add info about _xmpp-server IN TLSA
Kim Alvefur <zash@zash.se>
parents: 418
diff changeset
12
417
880259dc82a8 DANE \o/
Kim Alvefur <zash@zash.se>
parents:
diff changeset
13 = Dependecies =
880259dc82a8 DANE \o/
Kim Alvefur <zash@zash.se>
parents:
diff changeset
14
880259dc82a8 DANE \o/
Kim Alvefur <zash@zash.se>
parents:
diff changeset
15 This module requires a DNSSEC aware DNS resolver. Prosodys internal DNS
880259dc82a8 DANE \o/
Kim Alvefur <zash@zash.se>
parents:
diff changeset
16 module does not support DNSSEC. Therefore, to use this module, a
880259dc82a8 DANE \o/
Kim Alvefur <zash@zash.se>
parents:
diff changeset
17 replacement is needed, such as
418
31cf9ab1d440 Update luaunbound link
Kim Alvefur <zash@zash.se>
parents: 417
diff changeset
18 [http://code.zash.se/luaunbound this libunbound and LuaJIT FFI based one].
417
880259dc82a8 DANE \o/
Kim Alvefur <zash@zash.se>
parents:
diff changeset
19
880259dc82a8 DANE \o/
Kim Alvefur <zash@zash.se>
parents:
diff changeset
20 = Configuration =
880259dc82a8 DANE \o/
Kim Alvefur <zash@zash.se>
parents:
diff changeset
21
880259dc82a8 DANE \o/
Kim Alvefur <zash@zash.se>
parents:
diff changeset
22 This module has no options. Just add it to `modules_enabled`;
880259dc82a8 DANE \o/
Kim Alvefur <zash@zash.se>
parents:
diff changeset
23
880259dc82a8 DANE \o/
Kim Alvefur <zash@zash.se>
parents:
diff changeset
24 {{{
880259dc82a8 DANE \o/
Kim Alvefur <zash@zash.se>
parents:
diff changeset
25 modules_enabled = {
880259dc82a8 DANE \o/
Kim Alvefur <zash@zash.se>
parents:
diff changeset
26 ...
880259dc82a8 DANE \o/
Kim Alvefur <zash@zash.se>
parents:
diff changeset
27 "s2s_auth_dane";
880259dc82a8 DANE \o/
Kim Alvefur <zash@zash.se>
parents:
diff changeset
28 }
880259dc82a8 DANE \o/
Kim Alvefur <zash@zash.se>
parents:
diff changeset
29 }}}
880259dc82a8 DANE \o/
Kim Alvefur <zash@zash.se>
parents:
diff changeset
30
435
fae8b0661edf Add info about _xmpp-server IN TLSA
Kim Alvefur <zash@zash.se>
parents: 418
diff changeset
31 = DNS Setup =
fae8b0661edf Add info about _xmpp-server IN TLSA
Kim Alvefur <zash@zash.se>
parents: 418
diff changeset
32
fae8b0661edf Add info about _xmpp-server IN TLSA
Kim Alvefur <zash@zash.se>
parents: 418
diff changeset
33 {{{
fae8b0661edf Add info about _xmpp-server IN TLSA
Kim Alvefur <zash@zash.se>
parents: 418
diff changeset
34 _xmpp-server._tcp IN SRV 0 0 5269 xmpp
fae8b0661edf Add info about _xmpp-server IN TLSA
Kim Alvefur <zash@zash.se>
parents: 418
diff changeset
35 _5269._tcp.xmpp IN TLSA 3 0 1 E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
fae8b0661edf Add info about _xmpp-server IN TLSA
Kim Alvefur <zash@zash.se>
parents: 418
diff changeset
36 _xmpp-server IN TLSA 3 0 1 E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
fae8b0661edf Add info about _xmpp-server IN TLSA
Kim Alvefur <zash@zash.se>
parents: 418
diff changeset
37 }}}
fae8b0661edf Add info about _xmpp-server IN TLSA
Kim Alvefur <zash@zash.se>
parents: 418
diff changeset
38
417
880259dc82a8 DANE \o/
Kim Alvefur <zash@zash.se>
parents:
diff changeset
39 = Compatibility =
880259dc82a8 DANE \o/
Kim Alvefur <zash@zash.se>
parents:
diff changeset
40
880259dc82a8 DANE \o/
Kim Alvefur <zash@zash.se>
parents:
diff changeset
41 Requires 0.9 or above.