[jdev] anonymous login
Matthew A. Miller
linuxwolf at outer-planes.net
Tue Feb 8 08:50:39 CST 2005
From reading RFC-2245[1], there's one of three things the client
provides in the SASL response:
1) An email address
2) A string of US-ASCII (not containing '@') between 1 and 255
characters long
3) Nothing
Given the above, I don't quite understand how ANONYMOUS is overkill.
Granted, it's up to the implementations to understand the operational
and security concerns; but that would also be true of any special SASL
mechanism we invent for the purpose.
Notes:
[1] RFC 2245: Anonymous SASL Mechanism <http://www.ietf.org/rfc/rfc2245.txt>
Joe Hildebrand wrote:
>There are also cases where you just want the server to pick a full JID
>for you, and ANONYMOUS is overkill. Customers coming in to a customer
>service site is a good example.
>
>It may make sense to come up with a UNIQUE SASL mechanism that tells
>the server to create a new, unique JID, good for one shot.
--
- LW
GOT JABBER™? <http://www.jabber.org/>
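
Added example, not part of the original message or of any Jabber project's code: a server-side check of the ANONYMOUS response against the three forms listed in the message above, with the JID chosen by the server rather than taken from the client. The printable-character restriction, the 255-character cap on the email form, the loose email pattern, the domain "example.com" and all function names are assumptions of this example.

```python
import re
import secrets

# Token form as summarised in the message: 1-255 US-ASCII characters, no '@'.
# Limiting it to printable characters is this example's assumption, so that
# control characters (CR/LF) from an unauthenticated client never reach logs.
_TOKEN = re.compile(r"[\x20-\x3F\x41-\x7E]{1,255}")
# Deliberately loose email shape (assumption): exactly one '@', both sides
# non-empty, printable, no spaces. Not a full address parser.
_EMAIL = re.compile(r"[\x21-\x3F\x41-\x7E]+@[\x21-\x3F\x41-\x7E]+")
MAX_EMAIL_LEN = 255  # assumed cap, chosen to match the token limit


def classify_trace(response):
    """Classify the raw SASL response bytes.

    Returns (kind, value) where kind is 'none', 'email', 'token' or 'invalid'.
    The value is trace information only and is never proof of identity.
    """
    if response == b"":
        return ("none", "")
    try:
        text = response.decode("ascii")
    except UnicodeDecodeError:
        return ("invalid", "")
    if "@" in text:
        if len(text) <= MAX_EMAIL_LEN and _EMAIL.fullmatch(text):
            return ("email", text)
        return ("invalid", "")
    if _TOKEN.fullmatch(text):
        return ("token", text)
    return ("invalid", "")


def anonymous_session(response, domain="example.com"):
    """Accept or reject an ANONYMOUS login; the server picks the JID.

    The client-supplied trace string is kept for logging only and has no
    influence on the identifier, which is random and good for one session.
    """
    kind, trace = classify_trace(response)
    if kind == "invalid":
        return None
    jid = "%s@%s/anon" % (secrets.token_hex(16), domain)
    return {"jid": jid, "trace_kind": kind, "trace": trace}
```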