1. Is this specification needed to fill gaps in the XMPP protocol
stack or to clarify an existing protocol?

Yes.

2. Does the specification solve the problem stated in the introduction
and requirements?

Yes.

3. Do you plan to implement this specification in your code? If not,
why not?

Yes.

4. Do you have any security concerns related to this specification?

I don't love that the suggested SASL mechanisms have no protection against tokens being stolen and re-used via MITM, but this could be solved by using SCRAM in implementations which is not forbidden.

5. Is the specification accurate and clearly written?

I do not particularly like at all having the SASL mechanisms for FAST specified completely separately. I do sort of understand the reason it was done, but it's not generic at all. For example, if I want to (and I do want to) support "app passwords" I need to solve the same problems (select which credential is being used, specify which SASL mechanisms can be used for which credential) but I wouldn't be able to re-use the solution FAST uses and would need yet another third solution.

_______________________________________________
Standards mailing list -- [email protected]