[jdev] S2S questions - from attribute and version support

Peter Saint-Andre stpeter at jabber.org
Fri Dec 30 09:57:38 CST 2005

Justin Karneges wrote:
> Hi Vinod,
> I just wanted to mention that I ran into the same trouble.  When I was working 
> on my server implementation, I had compatibility problems because other 
> servers went against RFC 3920 by including version='1.0' in s2s when they 
> didn't actually support SASL.

So they are not XMPP-compliant. File a bug report. ;-)

> The RFC definitely needs to be updated about this.  

RFCs are not updated, they are superseded. We'll start working on that 
after we have an XMPP interop event. Stay tuned for details, I'm 
planning that now.

> I think this topic has 
> come up often enough that it is not something to brush aside as an 
> implementation note.  For now, servers implementors seem to be taking matters 
> into their own hands, and so not only do we have 1.0 without SASL, but we 
> have TLS+dialback.  These things are not in the RFC.

I'd say that rfc3920bis will *not* get rid of the requirement for SASL. 
If anything, it will get rid of dialback (we could write that up in an 
informational RFC or historical JEP).

> On Friday 30 December 2005 02:42, Vinod Panicker wrote:
>> On 12/30/05, Matthias Wimmer <m at tthias.net> wrote:
>>> The point of version="1.0" is that you will get the <stream:features/>
>>> element.
>> Yes, but RFC 3920 states -
>>    3.  When a receiving entity that complies with this specification
>>        receives an initial stream header that includes the 'version'
>>        attribute set to a value of at least "1.0", after sending a
>>        stream header in reply (including the version flag), it MUST
>>        include a <starttls/> element (qualified by the
>>        'urn:ietf:params:xml:ns:xmpp-tls' namespace) along with the list
>>        of other stream features it supports.
>> And since the RFC also states -
>>    12. If the TLS negotiation is successful, the initiating entity MUST
>>        continue with SASL negotiation.
>> So I infer from the above that any entity that would specify its
>> version to be 1.0 would have support for TLS as well.  And if TLS is
>> done successfully, SASL MUST be done as well.

That is correct.

>> Thats why I said that any server that advertises version=1.0 MUST also
>> support TLS+SASL.  Pls do correct me if I'm wrong.

You are correct.


Peter Saint-Andre
Jabber Software Foundation
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3641 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://mail.jabber.org/pipermail/jdev/attachments/20051230/431b0e46/attachment-0002.bin>

More information about the JDev mailing list