[ 
https://issues.apache.org/jira/browse/VYSPER-288?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13056733#comment-13056733
 ] 

Niklas Gustavsson commented on VYSPER-288:
------------------------------------------

Depending on what we mean by default, it is enabled in 
org.apache.vysper.xmpp.server.ServerMain. I would support removing it as 
enabled in that class, as well as only support it over TLS (if that works with 
the common clients). Let me know if you want me to work on this.

> Announcing in-band registration although StartTLS might be required (first)
> ---------------------------------------------------------------------------
>
>                 Key: VYSPER-288
>                 URL: https://issues.apache.org/jira/browse/VYSPER-288
>             Project: VYSPER
>          Issue Type: Bug
>            Reporter: Bernd Fondermann
>            Priority: Blocker
>
> Right now, in-band registration is announced before a mandatory switch to TLS 
> has been accomplished.
> I think we should not do that. However, I don't know if the feature still 
> works over TLS. But I'd strongly suspect so, because, hey, it's a 
> registration.
> After cross-reading XEP-0077, I don't see why we should allow for doing regs 
> over an unencrypted wire.
> WDYT?
> (Marking as a blocker, because of potential security implications. However, 
> in-band is not enabled by default, is it?)

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
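
The condition reported in this issue can be checked on the wire. The sketch below is an added example, not part of the original message and not Vysper code: it inspects one stream:features element and reports when the XEP-0077 register feature is advertised before TLS is active. The function name, the finding strings and the sample stanzas are constructed for illustration.

```python
from __future__ import annotations
import xml.etree.ElementTree as ET

NS_STREAM = "http://etherx.jabber.org/streams"
NS_TLS = "urn:ietf:params:xml:ns:xmpp-tls"              # RFC 6120 STARTTLS feature
NS_REGISTER = "http://jabber.org/features/iq-register"  # XEP-0077 stream feature

def audit_features(features_xml: str, tls_active: bool) -> list[str]:
    """Return findings for one <stream:features/> element (hypothetical helper)."""
    root = ET.fromstring(features_xml)
    if root.tag != f"{{{NS_STREAM}}}features":
        raise ValueError("not a stream:features element")
    starttls = root.find(f"{{{NS_TLS}}}starttls")
    tls_required = (starttls is not None
                    and starttls.find(f"{{{NS_TLS}}}required") is not None)
    register = root.find(f"{{{NS_REGISTER}}}register") is not None
    findings = []
    if register and not tls_active:
        if tls_required:
            findings.append("register announced before mandatory STARTTLS")
        else:
            findings.append("register announced on a cleartext stream")
    return findings

# Constructed sample stanzas, as a server might send them.
OPEN = "<stream:features xmlns:stream='http://etherx.jabber.org/streams'>"
CLOSE = "</stream:features>"
TLS_REQ = "<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'><required/></starttls>"
REG = "<register xmlns='http://jabber.org/features/iq-register'/>"

PRE_TLS_BAD = OPEN + TLS_REQ + REG + CLOSE   # the behaviour described in the issue
PRE_TLS_GOOD = OPEN + TLS_REQ + CLOSE        # only STARTTLS offered before the switch
POST_TLS = OPEN + REG + CLOSE                # features re-sent after TLS negotiation
CLEARTEXT_REG = OPEN + REG + CLOSE           # no STARTTLS offered at all

if __name__ == "__main__":
    for name, xml, tls in [("pre-TLS, register announced", PRE_TLS_BAD, False),
                           ("pre-TLS, STARTTLS only", PRE_TLS_GOOD, False),
                           ("post-TLS, register announced", POST_TLS, True),
                           ("no TLS offered, register announced", CLEARTEXT_REG, False)]:
        print(name, "->", audit_features(xml, tls) or "ok")
```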

        
