[standards-jig] Small Footprint Clients and Authentication

Jacek Konieczny jajcus at bnet.pl
Fri May 30 07:32:18 UTC 2003


On Fri, May 30, 2003 at 10:34:16AM +1000, Robert Norris wrote:
> Perhaps implementing DIGEST-MD5 should be a MUST requirement for
> servers, and a SHOULD requirement for clients? 
why?

> Same for the TLS stuff.
> That way, a client can not implement something if it doesn't work for
> its particular circumstances?

If it is not a MUST, we will get a lot of compliant clients with no
security features at all.

Everybody may create "nearly XMPP compliant" client if he wants. But
"XMPP compliant" client should be as secure as XMPP protocol may be.

Greets,
	Jacek



More information about the Standards mailing list