[jdev] SASL question on RFC 3920

Jens Mikkelsen gyldenskjold at mail.dk
Thu Jan 6 08:41:56 CST 2005


[snip]
> 
> In one line: TLS does encryption of the TCP connection, SASL does 
> authentication of the IM user.
> 
> The login process of an XMPP client using XMPP-1.0 goes as follows:
> 1. Client makes a normal TCP connection to the XMPP server.  This is not 
> encrypted or anything; just a socket.
> 2. Client and server exchange some XML to tell each other that they 
> support TLS.  Still not encrypted.
> 3. Client and server do TLS handshake so that they can encrypt data over 
> that socket from then on.
> 4. Client and server exchange some more XML to authenticate the IM user 
> with SASL.
> 
> SASL is basically a lot of different ways to authenticate.  In SASL, a 
> way to authenticate is called a mechanism.
> 
> For example:
> - plaintext: just send the password and username
> - digest: send the MD5 of some random data + plaintext password
> - sspi: Windows authentication
> - ... more exist but are used only in specific cases such as for keycard 
> based authentication or iris scanners or whatever ;-)
> 

Great, this was just what I was hoping to hear! I was confused by the
title Security Layer. I thought there might be some sort of encryption
layer that I wasn't aware of. Thanks.

> Most clients (and servers) only support the first two mechanisms.
> 
> Take a look at the XML traffic console of Pandion or Exodus to see TLS 
> and SASL being used when you log in.
> Then compare it with the data that you see in Ethereal or some other 
> network sniffer.  TLS takes place before SASL.
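The ordering described in the quoted message (TLS first, then SASL), as an added example that is not part of the original thread: a client-side check that reads a `<stream:features/>` element and refuses to start SASL until TLS is active, plus the PLAIN payload to show that it is only base64-encoded. The namespaces are those of RFC 3920; the function names, the mechanism preference order and the sample XML are constructed for illustration.

```python
import base64
import xml.etree.ElementTree as ET

NS_STREAM = "http://etherx.jabber.org/streams"
NS_TLS = "urn:ietf:params:xml:ns:xmpp-tls"
NS_SASL = "urn:ietf:params:xml:ns:xmpp-sasl"

# Constructed sample <stream:features/> elements, before and after the TLS handshake.
FEATURES_BEFORE_TLS = f"""<stream:features xmlns:stream="{NS_STREAM}">
  <starttls xmlns="{NS_TLS}"><required/></starttls>
  <mechanisms xmlns="{NS_SASL}">
    <mechanism>DIGEST-MD5</mechanism><mechanism>PLAIN</mechanism>
  </mechanisms>
</stream:features>"""
FEATURES_AFTER_TLS = f"""<stream:features xmlns:stream="{NS_STREAM}">
  <mechanisms xmlns="{NS_SASL}">
    <mechanism>DIGEST-MD5</mechanism><mechanism>PLAIN</mechanism>
  </mechanisms>
</stream:features>"""

PREFERENCE = ["DIGEST-MD5", "PLAIN"]  # assumed client policy: digest before plaintext


def next_step(features_xml, tls_active):
    """Return ("starttls", None), ("sasl", mechanism) or ("abort", reason)."""
    root = ET.fromstring(features_xml)
    offers_tls = root.find(f"{{{NS_TLS}}}starttls") is not None
    offered = [m.text.strip() for m in root.iter(f"{{{NS_SASL}}}mechanism") if m.text]
    if not tls_active:
        # Steps 2-3: negotiate TLS first, even if mechanisms are already advertised.
        if offers_tls:
            return ("starttls", None)
        return ("abort", "server offers no TLS; refusing to authenticate in the clear")
    for mech in PREFERENCE:  # step 4: SASL only on the encrypted stream
        if mech in offered:
            return ("sasl", mech)
    return ("abort", "no supported SASL mechanism offered")


def plain_initial_response(username, password):
    """SASL PLAIN payload (RFC 4616): authzid NUL authcid NUL password, base64-encoded."""
    return base64.b64encode(f"\0{username}\0{password}".encode("utf-8")).decode("ascii")


if __name__ == "__main__":
    print(next_step(FEATURES_BEFORE_TLS, tls_active=False))
    print(next_step(FEATURES_AFTER_TLS, tls_active=True))
    blob = plain_initial_response("juliet", "example-password")  # constructed credentials
    # base64 is a reversible encoding, not encryption: PLAIN relies on TLS for secrecy.
    print(blob, base64.b64decode(blob))
```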

