[Council] meeting minutes, 2007-01-03
Ralph Meijer
jabberfoundation at ralphm.ik.nu
Fri Jan 5 13:41:29 CST 2007
On Fri, Jan 05, 2007 at 11:55:34AM -0700, Peter Saint-Andre wrote:
> [.. stuff I will comment on later ..]
>
> Well, I think the examples in 9.1 are that way to show the difference
> between the SASL mechanisms on offer before TLS is negotiated and the
> SASL mechanisms on offer after TLS is negotiated. Since TLS is required,
> the server would need to reject an attempt at SASL negotiation at that
> stage. But I need to review the SASL and TLS specs again to see whether
> that example makes sense.

No. If you say TLS is required to be able to do SASL (i.e. no mechanisms
available before TLS is established), you shouldn't advertise SASL
before TLS has been established.

On the other hand, to proceed all the way to sending stanzas, you need
to do SASL. If you want to offer SASL mechanisms without TLS being
established, you should make SASL required. If you offer additional
mechanisms when TLS /is/ established, a client may also choose to do
TLS, but you don't have to make it required, unlike SASL which is
still required.
--
Groetjes,
ralphm
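
The advertisement rules argued for in the message above, written as a check over a server's `<stream:features/>` element. This is an added example, not part of the original e-mail or of any XMPP specification text; the function name, finding labels and sample stanzas are constructed here, and the `<required/>` child inside `<mechanisms/>` is an assumption modelled on the `<required/>` child of `<starttls/>`.

```python
import xml.etree.ElementTree as ET

NS_TLS = "urn:ietf:params:xml:ns:xmpp-tls"
NS_SASL = "urn:ietf:params:xml:ns:xmpp-sasl"
HEAD = "<stream:features xmlns:stream='http://etherx.jabber.org/streams'>"
TAIL = "</stream:features>"

def audit_features(features_xml, tls_established):
    """Return a list of findings for one feature advertisement.

    Parses trusted, constructed input only; use a hardened XML parser
    for data read off the wire.
    """
    root = ET.fromstring(features_xml)
    starttls = root.find(f"{{{NS_TLS}}}starttls")
    mechs = root.find(f"{{{NS_SASL}}}mechanisms")
    tls_required = (starttls is not None
                    and starttls.find(f"{{{NS_TLS}}}required") is not None)
    offered = ([m.text for m in mechs.findall(f"{{{NS_SASL}}}mechanism")]
               if mechs is not None else [])
    sasl_required = (mechs is not None
                     and mechs.find(f"{{{NS_SASL}}}required") is not None)
    if not tls_established and tls_required and offered:
        # TLS must come first, so no mechanism is usable yet: do not advertise.
        return ["sasl-advertised-before-required-tls"]
    if offered and not sasl_required:
        # SASL is always needed before stanzas can be sent: mark it required.
        return ["sasl-offered-without-required"]
    return []

# Constructed sample advertisements (hypothetical server output).
TLS_REQ = f"<starttls xmlns='{NS_TLS}'><required/></starttls>"
TLS_OPT = f"<starttls xmlns='{NS_TLS}'/>"
SASL = f"<mechanisms xmlns='{NS_SASL}'><mechanism>DIGEST-MD5</mechanism></mechanisms>"
SASL_REQ = (f"<mechanisms xmlns='{NS_SASL}'><mechanism>DIGEST-MD5</mechanism>"
            "<required/></mechanisms>")

CONTESTED = HEAD + TLS_REQ + SASL + TAIL         # TLS required, SASL shown anyway
TLS_ONLY = HEAD + TLS_REQ + TAIL                 # TLS required, SASL withheld
BOTH_OFFERED = HEAD + TLS_OPT + SASL_REQ + TAIL  # TLS optional, SASL required
UNMARKED = HEAD + TLS_OPT + SASL + TAIL          # SASL offered, not marked required
AFTER_TLS = HEAD + SASL_REQ + TAIL               # advertisement once TLS is up

if __name__ == "__main__":
    for name in ("CONTESTED", "TLS_ONLY", "BOTH_OFFERED", "UNMARKED"):
        print(name, audit_features(globals()[name], tls_established=False))
    print("AFTER_TLS", audit_features(AFTER_TLS, tls_established=True))
```
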