[Council] 77 and 78

Peter Saint-Andre stpeter at jabber.org
Mon Jun 16 15:49:30 CDT 2003

On Mon, Jun 16, 2003 at 02:40:49PM -0600, Joe Hildebrand wrote:

> > > Security considerations: this method may be used (MAY?)  I think it
> > > should still be possible to use this approach with 1.0, if
> > > configured in by both sides, but it SHOULD NOT be.
> > 
> > What does 1.0 mean at that point?
> Sorry.  XMPP 1.0/SASL.  If your server implements both SASL and iq/auth, you
> should be able to use iq/auth if you like.  I'll probably be implementing
> that in the telnet client upon occasion, anyway. :)

If both client and server implement SASL, they SHOULD use SASL. If a
client does not implement SASL, obviously it will have to use iq:auth,
but a server MAY disable that (or enable it only if the stream is
encrypted). Yes?

> There really ought to be a stream:feature for it though....

True, I'll add that as a note.

> > > Also, there are two paragraphs about plaintext here.  I like the 
> > > latter one, except for s/If a client attempts to use the plaintext 
> > > mechanism/If a client implements the plaintext mechanism/.
> > 
> > Yes, there are two paragraphs. First is about implementing 
> > the protocol in software. Second is about actually using what 
> > is implemented. These are two different things, no?
> Let's say it's confusing at best.  I'd like to be able to have a client
> implement plaintext if they want to over SSL/TLS, without violating a SHOULD
> NOT.

How about this for the text?


Client implementations MUST NOT make plaintext the default mechanism, 
and MUST warn the user that the plaintext mechanism is insecure. The
plaintext mechanism SHOULD NOT be used unless the underlying stream is
encrypted (using SSL or TLS) and the client has verified that the server
certificate is signed by a trusted certificate authority. A given domain
MAY choose to disable plaintext logins and password changes if the
stream is not properly encrypted, or disable them entirely. If a client 
attempts to use the plaintext mechanism, an upgrade attack is possible, 
in which a man-in-the-middle tricks the client into revealing the 
user's plaintext password.



Peter Saint-Andre
Jabber Software Foundation
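As an added illustration, not part of this thread or of any Jabber implementation: a small Python model of the client-side and server-side policy in the proposed text (prefer SASL when both sides have it; never default to plaintext; allow plaintext only over an encrypted stream with a verified server certificate, and only with the user opting in). The field names, the "digest"/"plaintext" labels for the iq:auth mechanisms and the server policy values are assumptions made for the example.

```python
from dataclasses import dataclass

@dataclass
class StreamFeatures:
    sasl: bool                  # server advertises SASL (XMPP 1.0)
    iq_auth: bool               # server advertises legacy iq:auth (assumed stream:feature)
    iq_auth_mechanisms: tuple   # assumed labels, e.g. ("digest", "plaintext")
    encrypted: bool             # SSL/TLS active on the stream
    cert_verified: bool         # server cert chains to a trusted CA

def client_choose_auth(feat, client_sasl=True, user_allows_plaintext=False):
    """Return (method, message). method is "sasl", "iq-auth/digest",
    "iq-auth/plaintext" or None when the client refuses to authenticate.
    message must be shown to the user whenever it is not None."""
    if feat.sasl and client_sasl:
        # Both sides implement SASL: SHOULD use it.
        return ("sasl", None)
    if not feat.iq_auth:
        return (None, "server offers no authentication method this client can use")
    if "digest" in feat.iq_auth_mechanisms:
        # Plaintext is never the default when a non-plaintext mechanism exists.
        return ("iq-auth/digest", None)
    if "plaintext" not in feat.iq_auth_mechanisms:
        return (None, "server offers no usable iq:auth mechanism")
    # Only plaintext is offered. A man-in-the-middle that strips the digest
    # option would land a naive client here, so this path is opt-in only
    # and still requires an encrypted stream with a verified certificate.
    if not user_allows_plaintext:
        return (None, "only plaintext offered; it is insecure and not enabled by default")
    if not (feat.encrypted and feat.cert_verified):
        return (None, "refusing plaintext: stream not encrypted with a verified "
                      "server certificate (password would be exposed)")
    return ("iq-auth/plaintext",
            "WARNING: plaintext mechanism is insecure; password sent in the clear "
            "inside the encrypted stream")

def server_allows_plaintext(encrypted, policy="encrypted-only"):
    """The MAY for a domain: 'always', 'encrypted-only' or 'never'
    (assumed policy names) decides whether plaintext logins and
    password changes are accepted on this stream."""
    if policy == "never":
        return False
    if policy == "encrypted-only":
        return bool(encrypted)
    return True
```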
