On Tuesday, 23.06.2020, at 18:55 +0200, Jonas Schäfer wrote:
> Hi everyone,
> ...
> 4a) PR#963: PR#963: XEP-0178: Clarify SASL-EXTERNAL specification when s2s auth fails
> URL: https://github.com/xsf/xeps/pull/963
> Abstract: A while back it was discussed that XEP-0178 (SASL-EXTERNAL) for s2s
> was kinda misleading - it says that server should close connection if
> authentication fails but it seems that "everyone" (at least Prosody[0] and
> ejabberd) actually fallbacks to dialback in that case.

Isn't it a classic downgrade attack? Reflecting status quo is not always the best thing to do.

> [0]: https://issues.prosody.im/1006
