[jdev] MD5 auth problem
Dave Cridland
dave at cridland.net
Thu May 25 07:34:31 CDT 2006
On Thu May 25 12:58:21 2006, Norman Rasmussen wrote:
> mmm, all true.
Trouble is with security, it's hard to know which parts are paranoia,
and which are sound precautions.
> Either way Ulrich's users are going to have to provide
> their password in 'plain' format at least once to start using
> jabber.
> (either via a script on the web-site or via sasl or iq plain)
Yes.
I can't actually find anything in RFC3920 about transitioning,
though. As far as I know, only ACAP and POP3 have the signalling
required. It's possible that the thinking has changed on whether
transitioning is "good" or not, though, I shall find out.
Transitioning might be something to raise during RFC3920bis
development, perhaps.
Dave.
--
Dave Cridland - mailto:dave at cridland.net - xmpp:dwd at jabber.org
- acap://acap.dave.cridland.net/byowner/user/dwd/bookmarks/
- http://dave.cridland.net/
Infotrope Polymer - ACAP, IMAP, ESMTP, and Lemonade
More information about the JDev
mailing list