[Standards] Correction to 3290bis4
Alexey Melnikov
alexey.melnikov at isode.com
Fri Nov 2 03:44:11 CDT 2007
Peter Saint-Andre wrote:
>Toly Menn wrote:
>
>
>>Also, section 7.3.4 indicates that the receiving end of the
>>connection SHOULD allow at least 2 and no more then 5 retries from
>>the abort. Does this make sense for s2s connections? EXTERNAL
>>mechanism?
>>
>>
>That rule (which IIRC we borrowed from RFC 4422) may not make sense for
>all SASL mechanisms or for s2s connections.
>
Agreed.
>However, for c2s connections
>it may make sense for SASL EXTERNAL because end users can have multiple
>certificates (I know I do).
>
As a side note: how do you select a particular certificate using SASL
EXTERNAL? Are you using different authorization identity in a hope that
the server end will match it against the correct client certificate.
More information about the Standards
mailing list