[Standards] XEP-0178: Clarify SASL-EXTERNAL specification when s2s auth fails

Philipp Hancke fippo at goodadvice.pages.de
Wed Jul 1 12:23:32 UTC 2020


If the receiving server follows the process described in #9 of
   https://xmpp.org/extensions/xep-0178.html#s2s
which says that you do the authentication at this point (and then again
in #11) how can external fail?

If the receiving server can not authenticate the request its a policy 
decision to not offer external and maybe use dialback.

Am 30.06.20 um 17:59 schrieb Jonas Schäfer:
> Hi list,
> 
> (Editor hat on)
> 
> On behalf of the Council, I’d like to bring this pull request to the attention
> of the community:
> 
> https://github.com/xsf/xeps/pull/963
> 
> Input from server operators specifically would be welcomed to see if this
> change is in fact desirable or if you can see any issues with that. At least
> one member of the community has already expressed [1] that they think this may
> lead to downgrade attacks.
> 
> kind regards and thank you,
> Jonas
> 
>     [1]: https://mail.jabber.org/pipermail/standards/2020-June/037592.html
> 
> 
> _______________________________________________
> Standards mailing list
> Info: https://mail.jabber.org/mailman/listinfo/standards
> Unsubscribe: Standards-unsubscribe at xmpp.org
> _______________________________________________
> 


More information about the Standards mailing list