[jdev] S2S questions - from attribute and version support

Philipp Hancke fippo at goodadvice.pages.de
Sat Dec 31 02:07:11 CST 2005


Justin Karneges wrote:
> For now, server implementors seem to be taking matters
> into their own hands, and so not only do we have 1.0
> without SASL, but we have TLS+dialback.

What if SASL is implemented but there are no usable methods?

Let us assume we have successfully used starttls.
The server will only offer SASL PLAIN or DIGEST-MD5 for s2s
authentication if there is a shared secret between the two parties.

The server will only offer SASL EXTERNAL if the certificate presented
by the client (server) meets certain criteria (see
http://mail.jabber.org/pipermail/jdev/2005-November/022309.html).

What if both mechanisms are not usable (and therefore not offered)?

This is why tls+dialback is currently necessary.

Philipp
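
The offering logic described in the message above, as an added example (not code from the post or from any server implementation). The certificate check is an assumed stand-in for the criteria in the linked post, and the function names, domains and secret are constructed.

```python
from xml.etree import ElementTree as ET

STREAMS_NS = "http://etherx.jabber.org/streams"
SASL_NS = "urn:ietf:params:xml:ns:xmpp-sasl"

def cert_acceptable(peer_domain, cert):
    """Assumed stand-in for the certificate criteria in the linked post:
    the chain validated and the certificate names the peer's domain."""
    if not cert or not cert.get("chain_trusted"):
        return False
    return peer_domain.lower() in {n.lower() for n in cert.get("names", [])}

def s2s_offer(peer_domain, shared_secrets, cert):
    """Decide what to advertise to a peer server once STARTTLS has completed."""
    mechs = []
    if cert_acceptable(peer_domain, cert):
        mechs.append("EXTERNAL")
    if peer_domain in shared_secrets:
        mechs += ["DIGEST-MD5", "PLAIN"]
    features = ET.Element(f"{{{STREAMS_NS}}}features")
    if mechs:  # an unusable mechanism is not offered at all
        box = ET.SubElement(features, f"{{{SASL_NS}}}mechanisms")
        for name in mechs:
            ET.SubElement(box, f"{{{SASL_NS}}}mechanism").text = name
    return {
        "mechanisms": mechs,
        "needs_dialback": not mechs,  # the TLS+dialback case
        "features_xml": ET.tostring(features, encoding="unicode"),
    }

# Constructed sample data (not from the post).
SECRETS = {"partner.example": "s3cret"}
GOOD_CERT = {"chain_trusted": True, "names": ["peer.example"]}
SELF_SIGNED = {"chain_trusted": False, "names": ["peer.example"]}

if __name__ == "__main__":
    for domain, cert in [("peer.example", GOOD_CERT),
                         ("partner.example", None),
                         ("peer.example", SELF_SIGNED)]:
        offer = s2s_offer(domain, SECRETS, cert)
        print(domain, offer["mechanisms"], "dialback:", offer["needs_dialback"])
```
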



