[Standards] Re: [Standards-JIG] UPDATED: XEP-0178 (Best Practices for Use of SASL EXTERNAL)

Matthias Wimmer m at tthias.eu
Fri Jan 26 20:19:03 UTC 2007

Hi Peter!

Peter Saint-Andre wrote:
>> Not sure. That would mean that if SASL EXTERNAL fails for temporary
>> reasons, that a server stops using it for future authentication attempts.
> No, I mean the server would offer SASL EXTERNAL the next time but the 
> client would try a different mechanism. Alternatively, the server could 
> return a SASL failure for EXTERNAL but not close the stream, in which 
> case the client could try another mechanism. The SASL spec has some text 
> about the number of retries a server might allow, and I'll look at that 
> again. But right now I am deeply involved in cleaning up the text about 
> server dialback in rfc3920bis (don't worry, I'm making no modifications 
> to the logic, just better examples and more error flows!).

Sorry, I wrote "server" but did mean "s2s-client". If for temporary
reasons the destination-server does not accept the certificate of the 
connecting entity (e.g. problems allocating memory to verify the 
certificate), the connecting entity would not try to use SASL EXTERNAL 
again for the next connection, no?

See you

Matthias Wimmer      Fon +49-700 77 00 77 70
Züricher Str. 243    Fax +49-89 95 89 91 56
81476 München        http://ma.tthias.eu/
