[jdev] S2S questions - from attribute and version support

Philipp Hancke fippo at goodadvice.pages.de
Sat Dec 31 02:07:11 CST 2005

Justin Karneges wrote:
 > For now, servers implementors seem to be taking matters
 > into their own hands, and so not only do we have 1.0
 > without SASL, but we have TLS+dialback.
What if SASL is implemented but there are no usable methods?

Let us assume we have successfully used starttls.
The server will only offer SASL PLAIN or DIGEST-MD5 for s2s
authentication if there is a shared secret between the two parties.

The server will only offer SASL EXTERNAL if the certificate presented
by the client (server) meets certain criteria (see

What if both mechanisms are not usable (and therefore not offered)?

This is why tls+dialback is currently necessary.


More information about the JDev mailing list