For Gaim, it sends registration related information (password etc.) after a successful TLS negotiation, so the stream is protected, not in cleartext I think.
In my previous post, I want to ask if I should let my codes do some checking after TLS negotiation and before SASL negotiation. Now my codes start SASL immediately after a successful TLS negotiation and this is what I understand from the XMPP spec. On 18/08/05, Matthias Wimmer <[EMAIL PROTECTED]> wrote: > Hi Chen, Hao, > > note that the XMPP spec does not know about jabber:iq:register. You can > read the RFC that after TLS negotiation you have to login using SASL. > But is it really what you want to enforce the client? Doing that would > mean you require the client to register for the new account using an > unprotected stream, which is very bad as for the registration the > password is transmitted in clear. > > > Tot kijk > Matthias > > Chen, Hao wrote: > > >I am implementing TLS and SASL for JiveMessenger. Gaim Jabber client > >works very well with my new codes (for those registered account). But, > >when I use Gaim to register a new account, I find that Gaim will send > >registration information after a successful TLS negotiation, whereas > >my codes are expecting SASL negotiation after TLS negotiation. > > > >According to the XMPP spec: section 5.1, rule 12, "If the TLS > >negotiation is successful, the initiating entity MUST continue with > >SASL negotiation." > > > >So, Can I say this problem is not from my codes but Gaim Jabber > >implementation? > > > >Regards > > > > > > _______________________________________________ > jdev mailing list > [email protected] > http://mail.jabber.org/mailman/listinfo/jdev > -- Chen, Hao _______________________________________________ jdev mailing list [email protected] http://mail.jabber.org/mailman/listinfo/jdev
