On 1/31/19 8:58 AM, Jonas Schäfer wrote:
> So since during the summit, it was desired to have a breaking change to SASL2
> (that’s rare, isn’t it?), I have two suggestions for things which could use
> fixing and which could trigger a namespace bump and one thing which should be
> mentioned independently:
>
>
> 1. xml:lang on : The error messages could use xml:lang support, like
> stanza and RFC 6120 sasl errors do (with multiple elements in
> different languages).
>
> 2. Is there a particular reason why the thing uses plain strings as
> its values instead of a mechanism like , where namespaced
> elements with possible child elements / text are used?
>
> 3. We should mention in the security considerations that clients should be
> careful which requests they include in the initial especially
> when no transport security is in use; if the SASL method allows mutual
> authentication (e.g. SCRAM), a client might find that they’re not actually
> connected to the server and have just sent possibly private data to them.

That all seems reasonable.

Peter
___
Standards mailing list
Info: https://mail.jabber.org/mailman/listinfo/standards
Unsubscribe: standards-unsubscr...@xmpp.org
___
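
Added example, not part of the original thread or of any XMPP project's code: one way a client could act on point 3, holding private requests back until the SCRAM server signature verifies. It assumes SCRAM-SHA-1 with an ASCII password (no SASLprep), uses the example exchange from RFC 5802 section 5 as input, and the request labels and function names are hypothetical.

```python
import base64
import hashlib
import hmac


def server_signature(password, salt_b64, iterations, auth_message):
    """Compute the SCRAM-SHA-1 ServerSignature (RFC 5802, section 3)."""
    salted = hashlib.pbkdf2_hmac(
        "sha1", password.encode(), base64.b64decode(salt_b64), iterations)
    server_key = hmac.new(salted, b"Server Key", hashlib.sha1).digest()
    return hmac.new(server_key, auth_message.encode(), hashlib.sha1).digest()


def server_is_authenticated(password, client_first_bare, server_first,
                            client_final_no_proof, server_final):
    """True only if the server's final message proves it knows the credentials."""
    attrs = dict(part.split("=", 1) for part in server_first.split(","))
    auth_message = ",".join([client_first_bare, server_first, client_final_no_proof])
    expected = server_signature(password, attrs["s"], int(attrs["i"]), auth_message)
    if not server_final.startswith("v="):
        return False  # an "e=..." error or anything else is not a proof
    try:
        received = base64.b64decode(server_final[2:], validate=True)
    except ValueError:
        return False
    return hmac.compare_digest(expected, received)


def release_deferred(deferred_requests, **scram_messages):
    """Hand back the held requests only after the server signature verifies."""
    if server_is_authenticated(**scram_messages):
        return list(deferred_requests)
    return []  # peer is unverified: send nothing private, drop the stream


# RFC 5802 section 5 example exchange (user "user", password "pencil").
RFC5802 = dict(
    password="pencil",
    client_first_bare="n=user,r=fyko+d2lbbFgONRv9qkxdawL",
    server_first="r=fyko+d2lbbFgONRv9qkxdawL3rfcNHYJY1ZVvWVs7j,s=QSXCR+Q6sek8bf92,i=4096",
    client_final_no_proof="c=biws,r=fyko+d2lbbFgONRv9qkxdawL3rfcNHYJY1ZVvWVs7j",
    server_final="v=rmF9pqV8S7suAoZWja4dJRkFsKQ=",
)
# Hypothetical request labels, constructed for this example.
DEFERRED = ["private-request-a", "private-request-b"]

if __name__ == "__main__":
    print(release_deferred(DEFERRED, **RFC5802))
```

Anything placed in the first client message has already left the client before this check can run, which is the exposure point 3 describes.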