> 2. Consensus that the current secure="true" flag on the BOSH <body/> > element is useless. Jack Moffitt recommended removing this and adding a > security consideration about what the BOSH connection manager should > accept and not accept from the XMPP server. He and I will work on text.
I was at the Operators group while you discussed BOSH. Could somebody elaborate why the secure flag is useless? Is only the attribute useless or the complete key stuff we use for security now when we are not on https. Alex
