On Friday, June 22, 2012 09:48:18 AM Todd Herman wrote: > We are currently looking into implementing serverless messaging. The > specification (and the XMPP: The Definitive Guide) both mention that > serverless messaging does not use SASL or TLS by default so it isn't > secure. Has anyone looked into an appropriate way to implement this > functionality? I get TLS but I am a little confused by SASL since it > would require having user names and passwords stored which seems to almost > contradict the point of serverless messaging. > > Any thoughts?
If both the client and server authenticate via TLS, then the SASL EXTERNAL mechanism can be used. Justin
