[jdev] S2S questions - from attribute and version support
Philipp Hancke
fippo at goodadvice.pages.de
Sat Dec 31 02:07:11 CST 2005
Justin Karneges wrote:
> For now, servers implementors seem to be taking matters
> into their own hands, and so not only do we have 1.0
> without SASL, but we have TLS+dialback.
What if SASL is implemented but there are no usable methods?
Let us assume we have successfully used starttls.
The server will only offer SASL PLAIN or DIGEST-MD5 for s2s
authentication if there is a shared secret between the two parties.
The server will only offer SASL EXTERNAL if the certificate presented
by the client (server) meets certain criteria (see
https://www.jabber.org/jdev/2005-November/022309.html).
What if both mechanisms are not usable (and therefore not offered)?
This is why tls+dialback is currently necessary.
Philipp
More information about the JDev
mailing list