[Standards] NEW: XEP-0440 (SASL Channel-Binding Type Capability)
daniel at gultsch.de
Thu Jul 16 10:33:47 UTC 2020
Am Do., 16. Juli 2020 um 10:13 Uhr schrieb Florian Schmaus <flo at geekplace.eu>:
> If you send 'y', which implies that you, the client, did not select a
> -PLUS mechanism for authentication, while the server announces at least
> one SCRAM-*-PLUS mechanism, then the server may suspect a MitM attack
> and terminates the connection.
Yes. But that's the desired behaviour, no?
More information about the Standards