[jdev] TLS and SASL procedure
Matthias Wimmer
m at tthias.net
Thu Aug 18 07:00:21 CDT 2005
Hi Chen, Hao,
note that the XMPP spec does not know about jabber:iq:register. You can
read the RFC that after TLS negotiation you have to login using SASL.
But is it really what you want to enforce the client? Doing that would
mean you require the client to register for the new account using an
unprotected stream, which is very bad as for the registration the
password is transmitted in clear.
Tot kijk
Matthias
Chen, Hao wrote:
>I am implementing TLS and SASL for JiveMessenger. Gaim Jabber client
>works very well with my new codes (for those registered account). But,
>when I use Gaim to register a new account, I find that Gaim will send
>registration information after a successful TLS negotiation, whereas
>my codes are expecting SASL negotiation after TLS negotiation.
>
>According to the XMPP spec: section 5.1, rule 12, "If the TLS
>negotiation is successful, the initiating entity MUST continue with
>SASL negotiation."
>
>So, Can I say this problem is not from my codes but Gaim Jabber implementation?
>
>Regards
>
>
More information about the JDev
mailing list