[Standards] rfc3920bis: SASL "fallback" on auth failure
hildjj at gmail.com
Wed Mar 26 17:07:03 UTC 2008
On Mar 26, 2008, at 5:11 AM, Alexey Melnikov wrote:
>>> - If not, and we can use a negotiated security layer, what happens
>>> when you try to switch to a SASL mechanism that doesn't support that
>>> security layer?
>> If the client's minimum security level requires a security layer,
>> then the client should never pick a mechanism that does not have one.
> Exactly. The client should require some minimal security layer from
> TLS and/or SASL.
My point is what happens if the first (failing) mechanism had
negotiated a security layer as a prelude to doing authentication? Is
that security layer still in effect when you try the new mechanism?
If the new mechanism negotiates its own security layer, will there be
multiple layers in effect?