[Standards] NEW: XEP-0440 (SASL Channel-Binding Type Capability)

Daniel Gultsch daniel at gultsch.de
Thu Jul 16 10:33:47 UTC 2020


Am Do., 16. Juli 2020 um 10:13 Uhr schrieb Florian Schmaus <flo at geekplace.eu>:

> If you send 'y', which implies that you, the client, did not select a
> -PLUS mechanism for authentication, while the server announces at least
> one SCRAM-*-PLUS mechanism, then the server may suspect a MitM attack
> and terminates the connection.

Yes. But that's the desired behaviour, no?


More information about the Standards mailing list