[Standards] TOTP and enforced password changes in SASL2
jonas at wielicki.name
Thu Aug 24 14:58:40 UTC 2017
On Donnerstag, 24. August 2017 12:59:56 CEST Dave Cridland wrote:
> Now that an update to XEP-0388 has been published, I thought I'd
> share what I've been trying to do with it.
All of this sounds in general sensible. I was first a bit confused as to why
you didn’t use the term "mechanism", but upon reading the updated XEP and your
earlier emails on that subject, it makes sense.
However, it seems to me as if much of this could be solved with a normal
stream feature without reworking how SASL authentication works in general in
By offering only e.g. <post-sasl-tasks xmlns="…"><task>PASSWORD-RESET</task></
post-sasl-tasks> in the <stream:features/> after the authenticating RFC 6120
SASL exchange, you’d achieve the same thing, afaict (except for the extra
round-trip for the stream reset). Or am I overlooking something?
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 833 bytes
Desc: This is a digitally signed message part.
More information about the Standards