[Standards-JIG] re-authentication

Peter Saint-Andre stpeter at jabber.org
Thu Sep 28 20:34:06 UTC 2006


Section 3.8 of RFC 4422 states:

   Unless explicitly permitted in the protocol (as stated in the
   protocol's technical specification), only one successful SASL
   authentication exchange may occur in a protocol session.

Given that XMPP connections can be long-lived (you could be connected
for weeks or months!), it seems that we might want to define a way for
the server (i.e., receiving entity) to request re-authentication by the
initiating entity. (For example, perhaps the X.509 certificate you used
while authenticating expires during your session.)

On the other hand, I suppose the server could simply close the stream
with a <not-authorized/> error, but that's not very friendly.

Thoughts?

Keeping things the way they are now has the advantage of being simple...

Peter
