felixauringer commented on PR #3049: URL: https://github.com/apache/james-project/pull/3049#issuecomment-4545144091
> My interpretation was SASL = AUTH hence the code. I disregarded "security layer" That was mine too, at first. However, the *real* SASL security layers seem to be very rarely used nowadays. If you search for `security layer` in SASL RFCs, you'll find that most do not provide a security layer. RFC 4616 (SASL PLAIN): > The PLAIN SASL mechanism does not provide a security layer. RFC 7628 (SASL OAUTHBEARER): > SASL mechanisms using this document as their definition do not provide a data security layer; that is, they cannot provide integrity or confidentiality protection for application messages after the initial authentication. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
