On Tue, Aug 30, 2005 at 08:33:19AM +0200, Jacek Konieczny wrote: > That seems like an error in the specification. StartTLS is required for > implementation, but may be disabled and <stream:features/> element is exactly > for this -- showing which features are available and enabled and which are > not.
My take on this was that it was broken-as-designed. That is, the intent was that one could not offer TLS and still be spec compliant. It's a goad to try an overcome the historical reluctance to implement proper encryption for protocols. > > Is there a way to say "Hey, I do > > support TLS but it is NOT enabled at the moment"? > > I guess, omitting <starttls/> in the feature list is still the only way > to do that. That would be the logical approach. As written, though, the spec allows clients to break if you do. -r _______________________________________________ jdev mailing list [email protected] http://mail.jabber.org/mailman/listinfo/jdev
