[Standards] v1.1rc1 of XEP-0178 (Best Practices for Use of SASL EXTERNAL with Certificates)

Dave Cridland dave at cridland.net
Wed Oct 13 15:59:17 UTC 2010


On Wed Oct 13 13:05:43 2010, Philipp Hancke wrote:
> David Richards wrote:
>> Also, step  10 in section 3, xep-0178 conflicts with 3920bis step  
>> 9 in section 9.2.2.  178 indicates inclusion of authorization  
>> identity matching the from attribute of the server1 to server2  
>> stream element while 3920bis indicates an empty authorization  
>> identity.
> 
> I think the best strategy (right now) is to include the  
> authorization identity when sending (for backward compability  
> reasons) and to ignore it (and use the stream's 'from') as a  
> receiver.

No, as a server you MUST use the authorization identifier if  
provided. However, the sender MUST make these the same.

Dave.
-- 
Dave Cridland - mailto:dave at cridland.net - xmpp:dwd at dave.cridland.net
  - acap://acap.dave.cridland.net/byowner/user/dwd/bookmarks/
  - http://dave.cridland.net/
Infotrope Polymer - ACAP, IMAP, ESMTP, and Lemonade



More information about the Standards mailing list