[Standards] Feedback to Compliance Suites 2020

Evgeny xramtsov at gmail.com
Thu Oct 10 08:01:56 UTC 2019


On Thu, Oct 10, 2019 at 10:52 AM, JC Brand <lists at opkode.com> wrote:
> You're arguing against a point nobody made.
> 
> Nobody advocated using BOSH to bypass restrictions in XEP-0198.
> The issue Georg mentioned isn't due to anything in XEP-0198.
> 
> The issue is with the SASL anonymous login mechanism not allowing you 
> to
> reconnect with the same JID, which happens **before** trying to 
> resume a
> XEP-0198 session.

The issue is *exactly* due to limitation in XEP-0198 that you're trying 
to bypass with BOSH: since XEP-0198 doesn't allow you to resume a 
session without re-authentication (and with SASL ANONYMOUS you cannot 
re-authenticate with the same JID), you resort to use BOSH to bypass 
this restriction, since it's *implicitly* using session identifiers as 
authentication tokens.



More information about the Standards mailing list