[snip]
>
> In one line: TLS does encryption of the TCP connection, SASL does
> authentication of the IM user.
>
> The login process of an XMPP client using XMPP-1.0 goes as follows:
> 1. Client makes a normal TCP connection to the XMPP server. This is not
> encrypted or anything; just a socket.
> 2. Client and server exchange some XML to tell each other that they
> support TLS. Still not encrypted.
> 3. Client and server do TLS handshake so that they can encrypt data over
> that socket from then on.
> 4. Client and server exchange some more XML to authenticate the IM user
> with SASL.
>
> SASL is basically a lot of different ways to authenticate. In SASL, a
> way to authenticate is called a mechanism.
>
> For example:
> - plaintext: just send the password and username
> - digest: send the MD5 of some random data + plaintext password
> - sspi: Windows authentication
> - ... more exist but are used only in specific cases such as for keycard
> based authentication or iris scanners or whatever ;-)
>

Great, this was just what I was hoping to hear! I was confused by the title Security Layer. I thought there might be some sort of encryption layer that I wasn't aware of. Thanks.

> Most clients (and servers) only support the first two mechanisms.
>
> Take a look at the XML traffic console of Pandion or Exodus to see TLS
> and SASL being used when you log in.
> Then compare it with the data that you see in Ethereal or some other
> network sniffer. TLS takes place before SASL.
> _______________________________________________
> jdev mailing list
> [email protected]
> http://mail.jabber.org/mailman/listinfo/jdev
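
Added example, not part of the original thread: a client-side check that enforces the ordering described above (TLS before SASL) when reading a `<stream:features/>` stanza. The function name `next_step`, the sample stanzas and the policy of refusing to authenticate on an unencrypted stream are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Namespaces XMPP 1.0 uses for the STARTTLS and SASL stream features.
NS = {
    "tls": "urn:ietf:params:xml:ns:xmpp-tls",
    "sasl": "urn:ietf:params:xml:ns:xmpp-sasl",
}

# Constructed sample: features advertised on the plain socket (step 2).
FEATURES_BEFORE_TLS = """
<stream:features xmlns:stream='http://etherx.jabber.org/streams'>
  <starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>
  <mechanisms xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>
    <mechanism>DIGEST-MD5</mechanism>
    <mechanism>PLAIN</mechanism>
  </mechanisms>
</stream:features>"""

# Constructed sample: features advertised again after the TLS handshake (step 4).
FEATURES_AFTER_TLS = """
<stream:features xmlns:stream='http://etherx.jabber.org/streams'>
  <mechanisms xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>
    <mechanism>DIGEST-MD5</mechanism>
    <mechanism>PLAIN</mechanism>
  </mechanisms>
</stream:features>"""


def next_step(features_xml, tls_active, preferred=("DIGEST-MD5", "PLAIN")):
    """Return ("starttls", None) or ("sasl", mechanism) for one features stanza."""
    root = ET.fromstring(features_xml.strip())
    offers_tls = root.find("tls:starttls", NS) is not None
    offered = [m.text.strip()
               for m in root.findall("sasl:mechanisms/sasl:mechanism", NS)
               if m.text]
    if not tls_active:
        # Never pick a SASL mechanism while the socket is still cleartext.
        if offers_tls:
            return ("starttls", None)
        raise RuntimeError("no STARTTLS offered; refusing to authenticate in the clear")
    for name in preferred:
        if name in offered:
            return ("sasl", name)
    raise RuntimeError("no acceptable SASL mechanism offered")


if __name__ == "__main__":
    print(next_step(FEATURES_BEFORE_TLS, tls_active=False))
    print(next_step(FEATURES_AFTER_TLS, tls_active=True))
```
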
