stpeter at jabber.org
Thu Jun 12 23:28:50 CDT 2003
On Wed, Jun 11, 2003 at 02:20:56PM -0600, Joe Hildebrand wrote:
> 78: -1.
> - There needs to be a digest example
> - This phrase is unclear after example 3:
> "(note that any non-ASCII characters MUST be properly escaped)." Escaped
> how? &x0000;? Shouldn't UTF-8 be good enough?
> - When can error 409 happen? There probably needs to be some narrative on
> example 6.
> - Under security considerations, there needs to be a reference to the
> upgrade attack. If the client speaks plaintext but the server doesn't, a
> man-in-the-middle can trick the client into revealing the plaintext
> password, so clients SHOULD NOT implement plaintext, in particular.
Added. Please reload and review, then let me know if the changes address
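
The client-side rule implied by the upgrade-attack comment quoted above, as an added example that is not part of the original thread or of the JEP text: a client that refuses to send the password in the clear when the peer's jabber:iq:auth reply no longer offers digest. The stanzas and credentials are constructed, the function names are hypothetical, and the digest is computed as JEP-0078 defines it (SHA-1 over the stream ID concatenated with the password).

```python
import hashlib
import xml.etree.ElementTree as ET

NS = "{jabber:iq:auth}"

# Constructed sample replies to the client's jabber:iq:auth field query.
HONEST_REPLY = ("<iq type='result' id='auth1'><query xmlns='jabber:iq:auth'>"
                "<username/><password/><digest/><resource/></query></iq>")
# Same reply after an on-path party removed <digest/> to force plaintext.
STRIPPED_REPLY = ("<iq type='result' id='auth1'><query xmlns='jabber:iq:auth'>"
                  "<username/><password/><resource/></query></iq>")


class DowngradeRefused(Exception):
    """Raised instead of sending the password in the clear."""


def offered_fields(reply_xml):
    """Return the set of auth field names the peer claims to support."""
    query = ET.fromstring(reply_xml).find(NS + "query")
    if query is None:
        raise ValueError("no jabber:iq:auth query in reply")
    return {child.tag[len(NS):] for child in query if child.tag.startswith(NS)}


def build_credentials(reply_xml, stream_id, username, password, resource,
                      allow_plaintext=False):
    """Pick the auth fields to send; never fall back to plaintext silently."""
    fields = offered_fields(reply_xml)
    creds = {"username": username, "resource": resource}
    if "digest" in fields:
        # Digest: lowercase hex SHA-1 of stream id concatenated with password.
        data = (stream_id + password).encode("utf-8")
        creds["digest"] = hashlib.sha1(data).hexdigest()
    elif "password" in fields and allow_plaintext:
        creds["password"] = password  # explicit opt-in only
    else:
        raise DowngradeRefused("peer offered no digest; refusing plaintext")
    return creds


if __name__ == "__main__":
    print(build_credentials(HONEST_REPLY, "3EE948B0", "bill", "Calli0pe", "home"))
    try:
        build_credentials(STRIPPED_REPLY, "3EE948B0", "bill", "Calli0pe", "home")
    except DowngradeRefused as exc:
        print("refused:", exc)
```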