stpeter at jabber.org
Thu Sep 28 20:34:06 UTC 2006

Section 3.8 of RFC 4422 states:

   Unless explicitly permitted in the protocol (as stated in the
   protocol's technical specification), only one successful SASL
   authentication exchange may occur in a protocol session.

Given that XMPP connections can be long-lived (you could be connected
for weeks or months!), it seems that we might want to define a way for
the server (i.e., receiving entity) to request re-authentication by the
initiating entity. (For example, perhaps the X.509 certificate you used
while authenticating expires during your session.)

On the other hand, I suppose the server could simply close the stream
with a <not-authorized/> error, but that's not very friendly.

Keeping things the way they are now has the advantage of being simple...