[jdev] MD5 auth problem

Peter Saint-Andre stpeter at stpeter.im
Fri May 30 12:20:17 CDT 2008


On 05/25/2006 6:34 AM (!), Dave Cridland wrote:
> On Thu May 25 12:58:21 2006, Norman Rasmussen wrote:
>> mmm, all true.
> 
> Trouble is with security, it's hard to know which parts are paranoia,
> and which are sound precautions.
> 
>>   Either way Ulrich's users are going to have to provide
>> their password in 'plain' format at least once to start using jabber.
>> (either via a script on the web-site or via sasl or iq plain)
> 
> Yes.
> 
> I can't actually find anything in RFC3920 about transitioning, though.
> As far as I know, only ACAP and POP3 have the signalling required. It's
> possible that the thinking has changed on whether transitioning is
> "good" or not, though, I shall find out.
> 
> Transitioning might be something to raise during RFC3920bis development,
> perhaps.

Dave, did you ever look into this further?

Peter

-- 
Peter Saint-Andre
https://stpeter.im/

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 7338 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://mail.jabber.org/pipermail/jdev/attachments/20080530/c516dd81/attachment-0002.bin>


More information about the JDev mailing list