JD Conley wrote:
In my previous post, I wanted to ask if I should let my code do some
checking after TLS negotiation and before SASL negotiation. Now my
code starts SASL immediately after a successful TLS negotiation and
this is what I understand from the XMPP spec.


You can't really assume that the client will do SASL after successful
TLS negotiation.  They might negotiate compression, ACK, registration,
non-SASL auth, dialback, or some other stream feature.

In all the implementations I've seen this is allowed and SASL is not
necessarily even required on an XMPP stream.

RFC 3920 requires SASL authentication. Many existing Jabber ("XMPP 0.9") servers will also accept JEP-0078 authentication but that is not part of RFC 3920.

Peter

--
Peter Saint-Andre
Jabber Software Foundation
http://www.jabber.org/people/stpeter.shtml
_______________________________________________
jdev mailing list
[email protected]
http://mail.jabber.org/mailman/listinfo/jdev
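
The point made in this thread, as an added example that is not part of the original messages: a server should dispatch on whatever element actually arrives first after TLS instead of assuming SASL, and a server that follows RFC 3920 strictly refuses JEP-0078 authentication. The function names, handler labels and the `strict_rfc3920` flag are hypothetical, and the sample stanzas are constructed.

```python
import xml.etree.ElementTree as ET

NS_SASL = "urn:ietf:params:xml:ns:xmpp-sasl"
NS_COMPRESS = "http://jabber.org/protocol/compress"
NS_DIALBACK = "jabber:server:dialback"
NS_IQ_AUTH = "jabber:iq:auth"          # JEP-0078 (non-SASL auth)
NS_IQ_REGISTER = "jabber:iq:register"  # in-band registration

# (namespace, local name) of the first post-TLS element -> handler label.
# A real server would list only the features it actually advertised.
DIRECT = {
    (NS_SASL, "auth"): "sasl",
    (NS_COMPRESS, "compress"): "compress",
    (NS_DIALBACK, "result"): "dialback",
}
IQ_PAYLOAD = {NS_IQ_AUTH: "legacy-auth", NS_IQ_REGISTER: "register"}

# Constructed sample stanzas (not captured traffic).
SAMPLES = [
    "<auth xmlns='urn:ietf:params:xml:ns:xmpp-sasl' mechanism='DIGEST-MD5'/>",
    "<compress xmlns='http://jabber.org/protocol/compress'><method>zlib</method></compress>",
    "<iq xmlns='jabber:client' type='get' id='a1'><query xmlns='jabber:iq:auth'/></iq>",
]


def split_tag(tag):
    """Split ElementTree's '{ns}local' form into (ns, local)."""
    return tuple(tag[1:].split("}", 1)) if tag.startswith("{") else ("", tag)


def next_step(first_element_xml, strict_rfc3920=True):
    """Decide what the peer is negotiating after TLS; never assume SASL."""
    # XMPP streams must not carry DTDs, comments or processing instructions.
    if "<!" in first_element_xml or "<?" in first_element_xml:
        return "reject"
    try:
        root = ET.fromstring(first_element_xml)
    except ET.ParseError:
        return "reject"
    ns, local = split_tag(root.tag)
    step = DIRECT.get((ns, local))
    if step is None and local == "iq" and len(root) == 1:
        step = IQ_PAYLOAD.get(split_tag(root[0].tag)[0])
    # RFC 3920 requires SASL; JEP-0078 is outside it, so strict mode refuses it.
    if step == "legacy-auth" and strict_rfc3920:
        step = None
    return step or "reject"
```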
