TUNNEL Profile
...
The TUNNEL profile provides a mechanism for cooperating BEEP peers to
form an application-layer ...
... In one use of this profile, a BEEP peer implementing the TUNNEL
profile is co-resident with a firewall. An initiating machine inside
the firewall ...
... inadequate levels of authorization have been established. It is also
possible to use the TUNNEL profile to anonymize the true source of a
BEEP connection, in much the way a NAT ...
... service can be expected to lead to this error.) The same
would result if the destination did not support the TUNNEL profile.
initial proxy1 proxy2 final
...
... TUNNEL element looks like this:
<tunnel profile="http://xml.resource/org/profiles/SEP2"/>
Note the lack of an innermost no-attribute <tunnel ...
... tunnel fqdn="proxy2.example.com" port="604">
<tunnel profile="http://xml.resource/org/profiles/SEP2"/>
</tunnel ...
... BEEP greeting, or
the BEEP greeting offered does not include the TUNNEL profile, then
this too is treated as an error: the initiating transport connection
...
... element, and the identified server is
contacted and offers a BEEP greeting including the TUNNEL profile,
then the outermost element from the "tunnel ...
... the session, the semantics for the TUNNEL profile are ill-defined.
The TUNNEL profile MUST NOT be advertised in any greetings after
transport security has been negotiated.
...
This section lists the three-digit error codes the TUNNEL profile may
generate.
...
... (E.g., next hop could be contacted, but
malformed greeting or no TUNNEL profile advertised.)
553 Parameter invalid
...
... discussion of this.
However, the intent of the TUNNEL profile is to allow bidirectional
contact between two machines normally separated by a firewall ...
... offer a range of services with appropriate greetings, the TUNNEL
profile should be configured with care. It is reasonable to strictly
limit the hosts and services ...
... services that a proxy is allowed to contact. It
is also reasonable to limit the use of the TUNNEL profile to
authorized users, as identified by a SASL profile ...
... A single well-known port, 604, is allocated by the IANA to the TUNNEL
profile.
Protocol Number ...
