[Jabber-IETF] Agenda items
mass at akuma.org
Wed Oct 9 19:16:23 CDT 2002
I assert that existing implementations will return an error to the user
if they send a sasl:mechanism request - maybe we should send a request
always, rather than expecting our definition of the sasl namespace
indicates a request? e.g.
<stream:stream to='example.com' xmlns='jabber:client'
if a server does not understand SASL authentication, it would respond with
<error code='406'>Not Acceptable</error></saslish:mechanisms>
Joe Hildebrand wrote:
>One compromise way, which doesn't require the <stream:stream> to have a
>xmlns:sasl, and doesn't break existing implementations, is for the result of
>the iq/get/auth to include a flag to tell the client that it can use sasl.
><iq id='jcl_1' type='result'>
> <query xmlns='jabber:iq:auth'>
> <sasl xmlns='http://www.iana.org/assignments/sasl-mechanisms'/>
>Yes, this has the downside of your still having to send the username in the
>iq/get/auth, but that's a price we pay for backward-compatibility.
More information about the xmppwg