[Standards] Anonymous SASL and Presence

Dave Cridland dave at cridland.net
Tue Jun 30 16:09:34 UTC 2009


On Tue Jun 30 16:46:04 2009, Eloi Bail wrote:
> To authenticate to a XMPP server, I must implement encryption. I  
> wanted to
> test without it, to have a XMPP client as light as possible...
> I have to go strait to SASL with encryption so...
> 
> 
Oh...

Although the specification says that plaintext authentication MUST  
NOT be offered without an encryption layer in place, I'm not aware of  
any server that does not offer a configuration where plaintext  
authentication without any TLS is allowed.

I'm pretty sure that the majority of deployments offer both SASL  
PLAIN, and the older XEP-0078, without any TLS or other encryption.

That said, there are also lots of SASL libraries and TLS libraries,  
for almost every language, so if you *are* implementing encryption,  
that's probably a bad thing anyway. :-)

Dave.
-- 
Dave Cridland - mailto:dave at cridland.net - xmpp:dwd at dave.cridland.net
  - acap://acap.dave.cridland.net/byowner/user/dwd/bookmarks/
  - http://dave.cridland.net/
Infotrope Polymer - ACAP, IMAP, ESMTP, and Lemonade



More information about the Standards mailing list