[Standards] Anonymous SASL and Presence

Dave Cridland dave at cridland.net
Tue Jun 30 16:09:34 UTC 2009

On Tue Jun 30 16:46:04 2009, Eloi Bail wrote:
> To authenticate to a XMPP server, I must implement encryption. I  
> wanted to
> test without it, to have a XMPP client as light as possible...
> I have to go strait to SASL with encryption so...

Although the specification says that plaintext authentication MUST  
NOT be offered without an encryption layer in place, I'm not aware of  
any server that does not offer a configuration where plaintext  
authentication without any TLS is allowed.

I'm pretty sure that the majority of deployments offer both SASL  
PLAIN, and the older XEP-0078, without any TLS or other encryption.

That said, there are also lots of SASL libraries and TLS libraries,  
for almost every language, so if you *are* implementing encryption,  
that's probably a bad thing anyway. :-)

Dave Cridland - mailto:dave at cridland.net - xmpp:dwd at dave.cridland.net
  - acap://acap.dave.cridland.net/byowner/user/dwd/bookmarks/
  - http://dave.cridland.net/
Infotrope Polymer - ACAP, IMAP, ESMTP, and Lemonade

More information about the Standards mailing list