Topic Last Modified: 2012-10-21
The settings for the negotiation types in the configuration of an XMPP Partner have a wide variety of possible combinations. Not all of these combinations are valid. The table detailed in this topic will define the valid and not valid settings. Common configurations are presented in the first table, the second table detailing all possible combinations. Note that you cannot have Simple Authentication and Security Layer (SASL) unless Transport Layer Security (TLS) is also available. SASL is sent in an unencrypted (readable) format and should never be transmitted unless protected by another means, such as TLS.
Common XMPP Federation Negotiation Methods
Transport Layer Security (TLS) | Simple Authentication and Security Layer (SASL) | Dialback Authentication | Expected Authentication Method(s) | Notes |
---|---|---|---|---|
Required |
Required |
False |
SASL over TLS |
TLS and SASL required helps to ensure that the SASL message stream is secure. Dialback is not available and cannot be used for a fallback method if the XMPP federated partner has not set TLS to required or optional. |
Required |
Optional |
True |
SASL over TLS, TLS Dialback, TCP Dialback |
By requiring TLS, if the XMPP federated partner has set SASL to optional or required SASL is used. If SASL is not available, Dialback over TLS will be used. |
Optional |
Optional |
True |
SASL over TLS, TLS Dialback, TCP Dialback |
While very flexible in the negotiation methods offered, these settings rely on the XMPP federation partner’s settings. If the partner has TLS optional or required but SASL is not supported, TLS Dialback will be available. If the partner has TLS and SASL set to optional or required, the optimal selection of TLS over SASL is used. |
Not Supported |
Not Supported |
True |
TCP Dialback |
In many cases, TCP Dialback is the only possible solution. Less desirable than other options, it does provide some level of trust. |
XMPP Federation Negotiation Methods Matrix - Complete
Transport Layer Security (TLS) | Simple Authentication and Security Layer (SASL) | Dialback Authentication | Expected Authentication Method | Notes, Warning or Error for Not Valid Configuration | ||||
---|---|---|---|---|---|---|---|---|
Required |
Required |
True |
SASL over TLS |
|
||||
Required |
Required |
False |
SASL over TLS |
|||||
Optional |
Required |
True |
SASL over TLS, TLS Dialback, TCP Dialback |
|
||||
Optional |
Required |
False |
SASL over TLS |
|
||||
Not Supported |
Required |
True |
TCP Dialback |
|
||||
Not Supported |
Required |
False |
|
|
||||
Required |
Optional |
True |
SASL over TLS, TLS Dialback |
|||||
Required |
Optional |
False |
SASL over TLS |
|||||
Optional |
Optional |
True |
SASL over TLS, TLS Dialback, TCP Dialback |
|
||||
Optional |
Optional |
False |
SASL over TLS |
|
||||
Not Supported |
Optional |
True |
TCP Dialback |
|
||||
Not Supported |
Optional |
False |
|
|
||||
Required |
Not Supported |
True |
TLS Dialback |
Configuration allows for TLS Dialback. |
||||
Required |
Not Supported |
False |
Not Valid Configuration |
|
||||
Optional |
Not Supported |
True |
TLS Dialback, TCP Dialback |
Based on negotiation choices of the other end point, TCP or TLS Dialback will be accepted. |
||||
Optional |
Not Supported |
False |
Not Valid Configuration |
|
||||
Not Supported |
Not Supported |
True |
TCP Dialback |
TCP Dialback is the only negotiation method available |
||||
Not Supported |
Not Supported |
False |
Not Valid Configuration |
|