"2. Stream Feature After negotiating use of TLS and authenticating via SASL, the receiving entity returns a new stream header [...]"
This is a bit unclear to me. Does it mean that XEP-0198 requires using TLS encryption and authentication? What if the client does not want (or cannot due to resource constraints) to use TLS encryption? What about S2S links? These are mostly not SASL authenticated. -- Tomasz Sterna Instant Messaging Consultant : Open Source Developer http://tomasz.sterna.tv/ http://www.xiaoka.com/
