1) An email address
2) A string of US-ASCII (not containing '@') between 1 and 255 characters long
3) Nothing
Given the above, I don't quite understand is how ANONYMOUS is overkill. Granted, it's up to the implementations to understand the operational and security concerns; but that would also be true of any special SASL mechanism we invent for the purpose.
Notes: [1] RFC 2245: Anonymous SASL Mechanism <http://www.ietf.org/rfc/rfc2245.txt>
Joe Hildebrand wrote:
There are also cases where you just want the server to pick a full JID for you, and ANONYMOUS is overkill. Customers coming in to a customer service site is a good example.
It may make sense to come up with a UNIQUE SASL mechanism that tells
the server to create a new, unique JID, good for one shot.
-- - LW
GOT JABBER™? <http://www.jabber.org/>
_______________________________________________ jdev mailing list [email protected] http://mail.jabber.org/mailman/listinfo/jdev
