On Oct 24, 2007 at 3:47 PM Peter Saint-Andre wrote: > Mark Doliner wrote: > > Oh Oct 24, 2007 at 3:38 PM Peter Saint-Andre wrote: > >> Mark Doliner wrote: > >>> On Oct 24, 2007 at 1:50 PM Peter Saint-Andre wrote: > >>>> 6. XEP-0175: Best Practices for Use of SASL ANONYMOUS > >>>> > >>>> Approve version 1.1pre1? > >>>> > >>>> All Council members in attendance voted +1. Ralph to vote on the > list. > >>>> Dave raised issue about possible confusion regarding trace data. > >> Council > >>>> wordsmithed an acceptable solution during the meeting: > >>>> > >>>> http://svn.xmpp.org:18080/browse/XMPP/trunk/extensions/xep- > >>>> 0175.xml?r1=1297&r2=1310 > >>> The revised text says, "although RFC 4505 allows the initiating entity > >> (client) to provide so-called 'trace data' when authenticating via SASL > >> ANONYMOUS, it is NOT RECOMMENDED to include trace data as the XML > >> character data of the <auth/> element (instead, the <auth/> element > SHOULD > >> be empty). However, if trace data is included, the server MUST NOT use > it > >> for any purpose other than tracing (e.g., in server logs)." > >>> However, this seems to conflict with section 7.5.5 of draft- > saintandre- > >> rfc3920bis-04 [1] which shows a "malformed-request" failure when this > data > >> is provided for SASL ANONYMOUS. > >> > >> I think I already fixed that: > >> > >> http://svn.xmpp.org:18080/browse/XMPP/trunk/internet-drafts/draft- > >> saintandre-rfc3920bis-05.xml?r1=1294&r2=1296 > > > > Oh, er, is "[ ... extremely-long-token ... ]" intended to imply that the > token is unusably long, like a million characters or something absurd? > > It's intended to mean that it violates the rule from RFC 4505: > > token = 1*255TCHAR
I see, thanks. For what it's worth that wasn't immediately obviously to me from reading the spec, but I'm not used to reading specs. -Mark
