[Standards] XMPP Council Agenda 2020-06-24

Ruslan N. Marchenko me at ruff.mobi
Tue Jun 23 20:06:53 UTC 2020


Am Dienstag, den 23.06.2020, 18:55 +0200 schrieb Jonas Schäfer:
> Hi everyone,
> 
...
> 4a) PR#963: PR#963: XEP-0178: Clarify SASL-EXTERNAL specification
> when s2s 
> auth fails
> URL: https://github.com/xsf/xeps/pull/963
> Abstract: A while back it was discussed that XEP-0178 (SASL-EXTERNAL) 
> for s2s 
> was kinda misleading - it says that server should close connection
> if 
> authentication fails but it seems that "everyone" (at least
> Prosody[0] and 
> ejabberd) actually fallbacks to dialback in that case.
> 
Isn't it a classic downgrade attack? Reflecting status quo is not
always the best thing to do.

>    [0]: https://issues.prosody.im/1006
> 
> 



More information about the Standards mailing list