Tobias Markmann wrote:
Hi,
Hi Tobias,
According to 3920bis-03 there are this two errors defined: mechanism-invalid [1] and mechanism-too-weak [2]. I think mechanism-invalid would be sufficient.SASL usually works the way that first the server advertises what it supports and then the client gets to choose. A client selecting a mechanism which hasn't advertised is quite broken in my opinion.
I agree.But there might be another use case for the error code - selection of a mechanism which is considered too weak for a particular user. In such case the server would advertise the mechanism to everybody, but return the error for some users.
Since it's broken why have two errors for this. I mean the client can't really do something useful with the info mechanism-too-weak. Selecting and unsupported mechanism is quite a bug and I think it would be cleaner to not split our errors in areas that are about buggy clients. Or have I missed the clients that bring up a text box where the user can enter the mechanism to use manually? ;)Cheers, Tobias [1] http://tools.ietf.org/html/draft-ietf-xmpp-3920bis-03#section-7.4.7 [2] http://tools.ietf.org/html/draft-ietf-xmpp-3920bis-03#section-7.4.9
Note Well: Messages sent to this mailing list are the opinions of the senders and do not imply endorsement by the IETF.