Matthew Beacher wrote:
David Waite wrote:
I do not want to use transport encryption, because
1) it does not provide any solid security because of existing
non-encrypted connections, and because you cannot guarantee trust of
the remote endpoint across hops (in real-world terms, "a friend of a
friend of a friend once told me about this guy" should not have the
same amount of trust as actually knowing the person being talked
about directly.)
2) it is impractical for many embedded applications.
3) it puts unneccessary load on the server
-David Waite
The use of Transport Encryption is not up to the server, if a
Transport Encryption is negoshiated during SASL, you must use it, if
it is nigoshiated. This is according to cyrus SASL docs.
I don't believe I said otherwise.
-David Waite
_______________________________________________
jdev mailing list
[EMAIL PROTECTED]
http://mailman.jabber.org/listinfo/jdev
