[Standards-JIG] stream:error for dialback with no SASL support
m at tthias.net
Mon Jul 26 19:19:17 UTC 2004
JD Conley wrote on 2004-07-26 11:43:44:
> We rely on the fact that the X.509 certificates are trusted.
I have to agree ... EXTERNAL using certificates can work on a public
network very well - the only problem for widespread usage would be that
most servers are run by individuals who I guess won't buy "official"
certificates. I guess I have to adjust my thinking about this a bit.
It was very interesting to read your comments as they are from the view
of a corporate implementation. I am looking at it from the standpoint of
an open community server admin.
> This logic sounds pretty close. The only issue is that if a server
> supports SASL it probably won't use it over dialback (SoapBox doesn't).
I did not want to do dialback if I did SASL on a connection.
> So you may never receive an xmlns:db on the incoming stream. And,
> technically, a SASL S2S connection can be mutually authenticated through
> TLS and SASL EXTERNAL so the incoming and outgoing stream can be on the
> same socket.
I may be wrong, but it has been discussed (on the xmppwg list I think)
if SASL streams can be bidirectional, and I thought the result was that
they are unidirectional as well. I'll have to check XMPP core again for
Fon: +49-(0)70 0770 07770 http://web.amessage.info
HAM: DB1MW xmpp:mawis at amessage.info