[Security] Reminder :: Draft feedback on "C2C authentication using TLS"

Dirk Meyer dmeyer at tzi.de
Mon Aug 25 16:18:34 CDT 2008


Pedro Melo wrote:
> I think you should list all that have a chance of completing
> successfully. If my client support GPG but I didn't gave it my key, he
> should not announce it.
>
> And yes, as along as no personal, per-user information is sent on the
> disco#info replies, caps caching should be ok.

But if your client does not support GPG because it does not have the
key, isn't that user specific. How do clients handle plugins? I mean
many clients support plugins. If we both have the same clients with
the same version but I have a plugin installed with a feature you do
not have, how does caps caching work? Or are plugins added to the ver
hash?


Dirk

-- 
Beta. Software undergoes beta testing shortly before it's released.
Beta is Latin for 'still doesn't work.'


More information about the Security mailing list