[
https://issues.apache.org/jira/browse/VYSPER-288?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13056747#comment-13056747
]
Niklas Gustavsson commented on VYSPER-288:
------------------------------------------
I've already created a patch and it works just fine with libpurple and Psi, so
I say we go for it.
Also, I think we should allow in-band regs on servers where TLS has been
disabled, similar to plain auth. But I'll leave that to you're other work.
> Announcing in-band registration although StartTLS might be required (first)
> ---------------------------------------------------------------------------
>
> Key: VYSPER-288
> URL: https://issues.apache.org/jira/browse/VYSPER-288
> Project: VYSPER
> Issue Type: Bug
> Reporter: Bernd Fondermann
> Priority: Blocker
>
> Right now, in-band registration is announced before a mandatory switch to TLS
> has been accomplished.
> I think we should not do that. However, I don't know if the feature still
> works over TLS. But I'd strongly suspect so, because, hey, it's a
> registration.
> After crossreading XEP-0077, I don't see why we should allow for doing regs
> over an unencrypted wire.
> WDYT?
> (Marking as a blocker, because of potential security implications. However,
> in-band is not enabled by default, is it?)
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
