[jdev] S2S questions - from attribute and version support

Vinod Panicker vinod.p at gmail.com
Fri Dec 30 04:42:43 CST 2005

On 12/30/05, Matthias Wimmer <m at tthias.net> wrote:
> Hi Vinod!
> Vinod Panicker schrieb:
> ><snip/>
> >
> >Does this mean that version 1.0 compliant servers can get away with
> >not supporting TLS+SASL?  I thought that was the whole point of
> >specifying version=1.0, since dialback is present in the RFC just for
> >legacy compliance.
> The point of version="1.0" is that you will get the <stream:features/>
> element.

Yes, but RFC 3920 states -

   3.  When a receiving entity that complies with this specification
       receives an initial stream header that includes the 'version'
       attribute set to a value of at least "1.0", after sending a
       stream header in reply (including the version flag), it MUST
       include a <starttls/> element (qualified by the
       'urn:ietf:params:xml:ns:xmpp-tls' namespace) along with the list
       of other stream features it supports.

And since the RFC also states -

   12. If the TLS negotiation is successful, the initiating entity MUST
       continue with SASL negotiation.

So I infer from the above that any entity that would specify its
version to be 1.0 would have support for TLS as well.  And if TLS is
done successfully, SASL MUST be done as well.

Thats why I said that any server that advertises version=1.0 MUST also
support TLS+SASL.  Pls do correct me if I'm wrong.


More information about the JDev mailing list