[
https://issues.apache.org/jira/browse/VYSPER-288?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13056742#comment-13056742
]
Bernd Fondermann commented on VYSPER-288:
-----------------------------------------
+1. If you can tackle this, I'll be standing by. I won't get to it immediately,
but know what to do.
> Announcing in-band registration although StartTLS might be required (first)
> ---------------------------------------------------------------------------
>
> Key: VYSPER-288
> URL: https://issues.apache.org/jira/browse/VYSPER-288
> Project: VYSPER
> Issue Type: Bug
> Reporter: Bernd Fondermann
> Priority: Blocker
>
> Right now, in-band registration is announced before a mandatory switch to TLS
> has been accomplished.
> I think we should not do that. However, I don't know if the feature still
> works over TLS. But I'd strongly suspect so, because, hey, it's a
> registration.
> After crossreading XEP-0077, I don't see why we should allow for doing regs
> over an unencrypted wire.
> WDYT?
> (Marking as a blocker, because of potential security implications. However,
> in-band is not enabled by default, is it?)
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
