[Council] ping

Peter Saint-Andre stpeter at jabber.org
Thu Jun 12 23:28:50 CDT 2003

On Wed, Jun 11, 2003 at 02:20:56PM -0600, Joe Hildebrand wrote:

> 78: -1.  
> - There needs to be a digest example
> - This phrase is unclear after example 3:
> "(note that any non-ASCII characters MUST be properly escaped)."  Escaped
> how?  &x0000;?  Shouldn't UTF-8 be good enough?  
> - When can error 409 happen?  There probably needs to be some narrative on
> example 6.
> - Under security considerations, there needs to be a reference to the
> upgrade attack.  If the client speaks plaintext but the server doesn't, a
> man-in-the-middle can trick the client into revealing the plaintext
> password, so clients SHOULD NOT implement plaintext, in particular.

Added. Please reload and review, then let me know if the changes address
your concerns:




More information about the Council mailing list