[Standards] Re: [Standards-JIG] UPDATED: XEP-0178 (Best Practices for Use of SASL EXTERNAL)
m at tthias.eu
Fri Jan 26 20:19:03 UTC 2007
Peter Saint-Andre schrieb:
>> Not sure. That would mean, that if SASL EXTERNAL fails for temporarily
>> reasons, that a server stops using it for future authentication attempts.
> No, I mean the server would offer SASL EXTERNAL the next time but the
> client would try a different mechanism. Alternatively, the server could
> return a SASL failure for EXTERNAL but not close the stream, in which
> case the client could try another mechanism. The SASL spec has some text
> about the number of retries a server might allow, and I'll look at that
> again. But right now I am deeply involved in cleaning up the text about
> server dialback in rfc3920bis (don't worry, I'm making no modifications
> to the logic, just better examples and more error flows!).
Sorry, I wrote "server" but did mean "s2s-client". If for temporarily
reasons the destination-server does not accept the certificate of the
connecting entity (e.g. problems allocating memory to verify the
certificate), the connecting entity would not try to use SASL EXTERNAL
again for the next connection, no?
Matthias Wimmer Fon +49-700 77 00 77 70
Züricher Str. 243 Fax +49-89 95 89 91 56
81476 München http://ma.tthias.eu/
More information about the Standards