On 19/11/2022 19.27, Matthew Wild wrote:
On Sat, 19 Nov 2022 at 17:52, Florian Schmaus <f...@geekplace.eu> wrote:I was aware of what Daniel and you wrote. But that does not give an answer why there *need* to be two places. What would break if there was only one?It wouldn't be logical if it was only advertised in one place (which one place would you choose?).Similar, the client's response to the server's features is currently <authenticate mechanism="HT-SHA-256-EXPR" xml:lang="en" xmlns="urn:xmpp:sasl:2"> <initial-response>dXNlcm5hbWUAYWJjMTIzYWJjMTIzYWJjMTIzYWJjMTIz</initial-response> <user-agent id="f140c0a6-4268-4f91-b33b-f01bcff590a1"> <software>Conversations</software> </user-agent> <bind xmlns="urn:xmpp:bind:0"> <tag>Conversations</tag> <enable xmlns="urn:xmpp:carbons:2"/> <enable resume="true" xmlns="urn:xmpp:sm:3"/> </bind> <resume h="15" previd="Cs2XQsE749BM" xmlns="urn:xmpp:sm:3"/> <fast xmlns="urn:xmpp:fast:0"/> </authenticate> Why not shove everything into a single place here (e.g. under <bind/>)?Because you might do SASL2 without binding, for example (not a common case I'm sure, but it's possible already today with traditional SASL/bind). Also note that In this example <bind> is optional, since the client says it would prefer to resume an existing session if possible.
Authenticated but unbound connections seem to something worth sacrificing if it makes SASL 2 + Bind 2 significantly less complex (which I believe it does). Or am I missing an important use case for those kind of connections?
- Flow
OpenPGP_signature
Description: OpenPGP digital signature
_______________________________________________ Standards mailing list Info: https://mail.jabber.org/mailman/listinfo/standards Unsubscribe: standards-unsubscr...@xmpp.org _______________________________________________
