[Standards] XEP-0178 1.1rc3

Philipp Hancke fippo at goodadvice.pages.de
Thu Apr 14 21:30:21 UTC 2011

Peter Saint-Andre wrote:
> I *think* that this discussion thread leads to the following text in
> Section 3, but please double-check it.
> ###
> [...]
> 10. Server1 considers EXTERNAL to be its preferred SASL mechanism. For
> server-to-server authentication the<auth/>  element MUST NOT include an
> authorization identity (thus Server1 includes an empty response of "="
> as shown in RFC 6120).
> <auth xmlns='urn:ietf:params:xml:ns:xmpp-sasl' mechanism='EXTERNAL'>=</auth>
> Interoperability Note: Previous versions of this specification relied on
> the authorization identity being present on the receiving server. Even
> though this is no longer required, the connecting server should include
> it for backward compability.

MUST NOT include but should include for backward compability?
Include it always and blame it on me (even though I don't have the old 
logs from 2006).

I am not sure if backward compability really matters, the last time I 
checked I offered EXTERNAL to three servers... jabber.org, 
dave.cridland.net and some host running prosody.

> 11. Server2 determines if hostname is valid.
>     a.  If the 'from' attribute of stream header sent by Server1 can be
> matched against one of the identifiers provided in the certificate
> following the matching rules from RFC 6125, Server2 returns success.
>        <success xmlns='urn:ietf:params:xml:ns:xmpp-sasl'/>
>        Implementation Note: If Server2 needs to assign an authorization
> identity during SASL negotiation, it SHOULD use the value of the 'from'
> attribute of the stream header sent by Server1.


More information about the Standards mailing list