[JDEV] SASL, deployment and coding
Robert Norris
rob at cataclysm.cx
Tue Feb 4 16:58:06 CST 2003
> 1) Can the User Registration that is built into SASL be used to join a
> Jabber Server or must the Jabber Registration system (as stated in
> http://www.jabber.org/protocol/registration.html ) be used? I ask
> because SASL has built in registration and authentication, and I am
> unsure how to tap into the SASL password files.
This hasn't really been discussed in any detail. I would suggest joining
the XMPP working group and bringing this question up there:
http://www.jabber.org/cgi-bin/mailman/listinfo/xmppwg/
> 2) How flexible should a server be in the order of received elements?
> Should a server be hard line on receiving elements in the order listed,
> or should it be more open in the ordering, so long as all required
> elements are there?
I'm not sure what you mean by this. Can you provide an example?
> 3) Has anyone else thought that all servers should require SASL
> encryption level of at least 40 (read 40 bit encryption), and that with
> this there should be an addition to Jabber:Server:DialBack and SASL so
> that Server to server communications are encrypted, because what is the
> good of a message that is only encrypted some of the time?
For backwards compatibility reasons, it's not possible to enforce the use
of SASL (and I doubt it ever will be). For guaranteed end-to-end
security, it's necessary to encrypt individual packets using GPG (or
similar).
The XMPP working group are actively pursuing these issues. I suggest you
subscribe to the list and get involved :)
Rob.
--
Robert Norris GPG: 1024D/FC18E6C2
Email+Jabber: rob at cataclysm.cx Web: http://cataclysm.cx/