stpeter at jabber.org
Fri Jun 13 12:53:52 CDT 2003
On Fri, Jun 13, 2003 at 11:16:40AM -0600, Joe Hildebrand wrote:
> "If the entity is already registered, the IQ result MUST NOT contain
> instructions and empty registration fields; "
> Can this at least be weakened to a SHOULD NOT, if not removed altogether?
> It makes the client-writers job hard, since you still have to show this to a
Yeah, sorry, that should've been SHOULD.
> 3.2, there are other error cases
> -removing an unknown user
True, I'll add those.
> There should probably be a thing that says that re-setting the password for
> an existing account (one with <registered/>) SHOULD NOT have an effect.
Sure, that falls out of the "already registered" case.
> That's an iq:auth thing.
> Oh... That needs to be in 0078, too. Sigh. That probably futzes with the
> SHOULD NOT's for plaintext.
Yes, that's a separate use case in 78. I'll add that. You should only
change the password if the channel is encrypted, and a server may choose
to ignore password changes that are sent if the channel is not encrypted
(subject to service provisioning rules blah blah blah).
More information about the Council