[jdev] TLS and SASL procedure

Peter Saint-Andre stpeter at jabber.org
Fri Aug 19 09:31:31 CDT 2005


JD Conley wrote:
>>In my previous post, I wanted to ask if I should let my code do some
>>checking after TLS negotiation and before SASL negotiation. Now my
>>code starts SASL immediately after a successful TLS negotiation and
>>this is what I understand from the XMPP spec.
> 
> 
> You can't really assume that the client will do SASL after successful
> TLS negotiation.  They might negotiate compression, ACK, registration,
> non-sasl auth, dialback, or some other stream feature.
> 
> In all the implementations I've seen this is allowed and SASL is not
> necessarily even required on an XMPP stream.

RFC 3920 requires SASL authentication. Many existing Jabber ("XMPP 0.9") 
servers will also accept JEP-0078 authentication but that is not part of 
RFC 3920.

Peter

-- 
Peter Saint-Andre
Jabber Software Foundation
http://www.jabber.org/people/stpeter.shtml
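
An added example (not part of the original message or of any XMPP server's code): one way a server could decide what to do with the first element received after TLS by looking at its namespace, instead of assuming SASL comes next. The function names, the action labels and the allow_legacy_auth switch are assumptions made for illustration; the sample elements are constructed.

```python
import xml.etree.ElementTree as ET

# Namespaces from RFC 3920 and the JEPs for the features named in the thread.
FEATURE_NS = {
    "urn:ietf:params:xml:ns:xmpp-sasl": "sasl",
    "jabber:iq:auth": "legacy-auth",                     # JEP-0078
    "jabber:iq:register": "register",                    # JEP-0077
    "http://jabber.org/protocol/compress": "compress",   # JEP-0138
    "jabber:server:dialback": "dialback",
}

def _ns(el):
    """Namespace URI of an ElementTree element ('{uri}local' -> 'uri')."""
    return el.tag[1:].split("}", 1)[0] if el.tag.startswith("{") else ""

def classify(xml_text):
    """Label one top-level stream element by its namespace (hypothetical helper)."""
    el = ET.fromstring(xml_text)
    kind = FEATURE_NS.get(_ns(el))
    # <iq/> carries its meaning in the payload child (e.g. jabber:iq:auth).
    if kind is None and el.tag.endswith("}iq") and len(el):
        kind = FEATURE_NS.get(_ns(el[0]))
    return kind or "stanza"

def next_action(xml_text, authenticated=False, allow_legacy_auth=False):
    """Pick the server's next step; action labels are illustrative only."""
    kind = classify(xml_text)
    if kind == "sasl":
        return "begin-sasl"
    if kind == "legacy-auth":
        # JEP-0078 is not part of RFC 3920, so it is off unless enabled.
        return "begin-legacy-auth" if allow_legacy_auth else "reject"
    if kind in ("register", "compress", "dialback"):
        return "negotiate-" + kind
    # Ordinary stanzas are only routed once the stream is authenticated.
    return "route" if authenticated else "reject"

# Constructed sample elements, as they might arrive after TLS completes.
SASL_AUTH = ("<auth xmlns='urn:ietf:params:xml:ns:xmpp-sasl' "
             "mechanism='DIGEST-MD5'/>")
LEGACY_AUTH = ("<iq xmlns='jabber:client' type='set' id='a1'>"
               "<query xmlns='jabber:iq:auth'><username>u</username></query></iq>")
COMPRESS = ("<compress xmlns='http://jabber.org/protocol/compress'>"
            "<method>zlib</method></compress>")
MESSAGE = "<message xmlns='jabber:client' to='a@example.org'><body>hi</body></message>"

if __name__ == "__main__":
    for sample in (SASL_AUTH, LEGACY_AUTH, COMPRESS, MESSAGE):
        print(classify(sample), "->", next_action(sample))
```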

