[standards-jig] auth & reg redux

David Waite mass at akuma.org
Mon Jun 2 05:24:27 UTC 2003


We probably should add some error code to indicate the connection isn't 
secure enough to allow registration.

-David Waite

Matt Tucker wrote:

> Peter,
>
> I know that we have SASL to replace auth, but is there something in 
> the pipeline to replace register? Also, register is probably secure 
> enough *if* you're using TLS. :)
>
> -Matt
>
> Peter Saint-Andre wrote:
>
>> So it seems like this "esecret" and "edigest" stuff was premature. I'm
>> going to remove that content from JEPs 77 and 78 respectively. I'm also
>> going to add information about deprecating these protocols. Well, at
>> least for jabber:iq:auth. Any thoughts on deprecating jabber:iq:register
>> as well? It does seem woefully insecure, so my feeling is that we would
>> do best to put both of these protocols on a schedule for review and 
>> potential deprecation by the Council -- every six months seems to be 
>> about right.
>
>
>
>
> _______________________________________________
> Standards-JIG mailing list
> Standards-JIG at jabber.org
> http://mailman.jabber.org/listinfo/standards-jig






More information about the Standards mailing list