[Standards] XEP-0198 unclear wording
stpeter at stpeter.im
Wed Jun 1 22:30:11 UTC 2011
On 5/28/11 4:14 AM, Tomasz Sterna wrote:
> "2. Stream Feature
> After negotiating use of TLS and authenticating via SASL, the receiving
> entity returns a new stream header [...]"
> This is a bit unclear to me.
> Does it mean that XEP-0198 requires using TLS encryption and
> What if the client does not want (or cannot due to resource constraints)
> to use TLS encryption?
> What about S2S links? These are mostly not SASL authenticated.
The server can offer stream management feature whenever it pleases, but
typically in c2s streams it would do so only after SASL auth. Naturally
things are different for s2s. I'll clarify that a bit in the next
version of the spec.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 6105 bytes
Desc: S/MIME Cryptographic Signature
More information about the Standards