Matthew Beacher wrote:
> 1) Can the User Registration that is built into SASL be used to join a Jabber Server or must the Jabber Registration system (as stated in http://www.jabber.org/protocol/registration.html ) be used? I ask because SASL has built in registration and authentication, and I am unsure how to tap into the SASL password files.

AFAIK, SASL does not have user registration, just authentication. You may have seen the mechanism registration, which is the procedure for having the IANA recognize new authentication mechanisms.

> 2) How flexible should a server be in the order of received elements? Should a server be hard line on receiving elements in the order listed, or should it be more open in the ordering, so long as all required elements are there?

Ordering of child elements within a stanza does not matter in the existing namespaces. Please let us know if you see documentation which contradicts this :-)

> 3) Has anyone else thought that all servers should require SASL encryption level of at least 40 (read 40 bit encryption), and that with this there should be an addition to Jabber:Server:DialBack and SASL so that Server to server communications are encrypted, because what is the good of a message that is only encrypted some of the time?

Since you cannot specify a required delivery path or required security parameters (read: only on encrypted connections, to servers with a certificate signed by a client-trusted CA), SSL cannot and should not be used for end-to-end encryption. There is an informational draft which describes how many existing clients use OpenPGP for end-to-end encryption, and there are proposals on how to do this with the W3C XML Encryption recommendation.

-David Waite
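
An added example, not part of the original message or of any Jabber server's code: one way a server can accept child elements in any order while still rejecting missing or duplicated ones, shown for a `jabber:iq:auth` query. The function names, the exactly-one-credential rule as written here and the sample stanzas are constructed for illustration.

```python
import xml.etree.ElementTree as ET

AUTH_NS = "{jabber:iq:auth}"
REQUIRED = {"username", "resource"}
CREDENTIAL = {"password", "digest"}  # assumption: exactly one must be present


class StanzaError(ValueError):
    """Raised when the query is malformed, incomplete or ambiguous."""


def parse_auth_fields(stanza_xml):
    """Return the auth fields as a dict; the order of children is irrelevant."""
    try:
        iq = ET.fromstring(stanza_xml)
    except ET.ParseError as exc:
        raise StanzaError(f"not well-formed: {exc}") from None
    query = iq.find(AUTH_NS + "query")
    if query is None:
        raise StanzaError("no jabber:iq:auth query")
    fields = {}
    for child in query:
        if not child.tag.startswith(AUTH_NS):
            continue  # element from another namespace: not ours to judge
        name = child.tag[len(AUTH_NS):]
        if name in fields:
            # A repeated field is ambiguous: two parsers could pick different values.
            raise StanzaError(f"duplicate <{name}/>")
        fields[name] = (child.text or "").strip()
    missing = sorted(n for n in REQUIRED if not fields.get(n))
    if missing:
        raise StanzaError("missing or empty: " + ", ".join(missing))
    if len(CREDENTIAL & fields.keys()) != 1:
        raise StanzaError("exactly one of <password/> or <digest/> is required")
    return fields


def is_rejected(stanza_xml):
    try:
        parse_auth_fields(stanza_xml)
    except StanzaError:
        return True
    return False


def sample(children):  # constructed test stanzas, not captured traffic
    return (f"<iq xmlns='jabber:client' type='set' id='a1'>"
            f"<query xmlns='jabber:iq:auth'>{children}</query></iq>")

U, P, R = "<username>juliet</username>", "<password>constructed</password>", "<resource>balcony</resource>"
ORDER_A, ORDER_B = sample(U + P + R), sample(R + P + U)
DUPLICATE, MISSING = sample(U + U + P + R), sample(U + P)
```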