SASL mechanisms require the FQDN of the host being connected to[1].  With
xbosh, you can't always tell what the FQDN of the real server is.

For example, when connecting with no route: <body to='example.com'>,
discovery of the XMPP server via SRV is done by the xbosh server, and the
result isn't communicated back to the client.  Even when connecting with a
route: <body to='example.com' route='xmpp2.example.com:5222'>, the xbosh
server is allowed to silently ignore it.

For SASL, what should be used as the server's FQDN?  The FQDN of the xbosh
server doesn't make sense, since it's usually not involved in SASL.  It
seems like the only thing available is the service name ("to" in the session
creation request, ignoring "from" in the response as the xbosh server is
allowed to replace it arbitrarily for some reason), but that doesn't seem
correct.

I'm not sure if any implementations care about this, but I don't want to see
XMPP servers which don't work through xbosh because they expect this to be
more precise than it supports.



(Even with that, a conformant implementation of SASL seems impossible: some
SASL mechanisms actually require both the hostname originally connected to,
"serv-name", and the hostname actually connected to through service
discovery, "host".  I'm not sure if anybody implements that anyway, though.
It's simply omitted in the SASL implementations I've looked at.)

[1] http://tools.ietf.org/html/rfc2831#section-2.1.2

-- 
Glenn Maynard
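
Added example, not part of the original message: a Python sketch of the RFC 2831 digest-uri and response-value computation (qop=auth, no authzid), showing how a client that only knows "to" and a server that checks its own hostname end up disagreeing. The credentials, nonces and the strict/lenient server functions are constructed assumptions, not taken from any implementation.

```python
import hashlib
import hmac

def H(data: bytes) -> bytes:
    return hashlib.md5(data).digest()

def digest_uri(serv_type, host, serv_name=None):
    """RFC 2831 2.1.2: serv-type "/" host [ "/" serv-name ]."""
    uri = f"{serv_type}/{host}"
    if serv_name and serv_name != host:  # serv-name is omitted when equal to host
        uri += f"/{serv_name}"
    return uri

def response(user, realm, password, nonce, cnonce, uri, nc="00000001", qop="auth"):
    """RFC 2831 2.1.2.1 response-value; digest-uri is hashed in through A2."""
    a1 = H(f"{user}:{realm}:{password}".encode()) + f":{nonce}:{cnonce}".encode()
    a2 = f"AUTHENTICATE:{uri}".encode()
    kd = f"{H(a1).hex()}:{nonce}:{nc}:{cnonce}:{qop}:{H(a2).hex()}"
    return hashlib.md5(kd.encode()).hexdigest()

# Constructed sample values (not from the original message).
CREDS = dict(user="juliet", realm="example.com", password="secret",
             nonce="c2FtcGxlLW5vbmNl", cnonce="c2FtcGxlLWNub25jZQ")

def bosh_client_uri(to):
    # Over xbosh the client only knows "to"; the SRV result never reaches it.
    return digest_uri("xmpp", to)

def direct_client_uri(to, srv_target):
    # A direct client did the SRV lookup itself and knows both names.
    return digest_uri("xmpp", srv_target, to)

def strict_server_accepts(client_uri, client_response, own_host, service):
    # Hypothetical strict server: insists on its own hostname in digest-uri.
    expected = digest_uri("xmpp", own_host, service)
    return client_uri == expected and hmac.compare_digest(
        client_response, response(uri=expected, **CREDS))

def lenient_server_accepts(client_uri, client_response, own_host, service):
    # Hypothetical lenient server: also accepts the bare service name as host.
    ok = {digest_uri("xmpp", own_host, service), digest_uri("xmpp", service)}
    return client_uri in ok and hmac.compare_digest(
        client_response, response(uri=client_uri, **CREDS))

if __name__ == "__main__":
    for uri in (bosh_client_uri("example.com"),
                direct_client_uri("example.com", "xmpp2.example.com")):
        r = response(uri=uri, **CREDS)
        print(uri, strict_server_accepts(uri, r, "xmpp2.example.com", "example.com"),
              lenient_server_accepts(uri, r, "xmpp2.example.com", "example.com"))
```

Because digest-uri is hashed into A2, the server cannot silently substitute its own value: it has to accept the string the client sent or fail the authentication.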
