[Standards] [Fwd: XEP78; Non-SASL Authentication]
Peter Saint-Andre
stpeter at stpeter.im
Wed Jan 23 22:26:42 CST 2008
Peter Saint-Andre wrote:
> It seems wrong to compare iq:auth to SASL or to say that iq:auth is less
> secure. SASL PLAIN over an unencrypted connection is less secure than
> iq:auth with digest password, whereas SASL EXTERNAL is probably more
> secure than iq:auth. It all depends on the mechanism used. Therefore I
> think it would be more accurate to describe the reasons for changing to
> SASL and remove the misleading text about iq:auth being less secure.
Here is a modified version:
http://www.xmpp.org/extensions/tmp/xep-0078-2.4.html
http://svn.xmpp.org:18080/browse/XMPP/trunk/extensions/xep-0078.xml
The agenda for the next Council meeting getting longer... :)
http://www.xmpp.org/council/agendas/2008-01-30.html
/psa
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 7338 bytes
Desc: S/MIME Cryptographic Signature
Url : http://mail.jabber.org/pipermail/standards/attachments/20080123/cde12860/attachment-0001.bin
More information about the Standards
mailing list