[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [xmpp] SASL errors in 3920bis-03

From: Tobias Markmann <tmarkmann at googlemail.com>
To: xmpp at ietf.org
Date: Tue, 17 Nov 2009 09:11:15 +0100
In-reply-to: <4B025638.6090101 at isode.com>
References: <5cfc0a8e0911161126ha0d3f1eobfb8216f929a8fab at mail.gmail.com> <4B025638.6090101 at isode.com>

On Tue, Nov 17, 2009 at 8:52 AM, Alexey Melnikov <alexey.melnikov at isode.com> wrote:

But there might be another use case for the error code - selection of a mechanism which is considered too weak for a particular user. In such case the server would advertise the mechanism to everybody, but return the error for some users.

So you're are suggesting to use the mechanism-too-weak error for per-user authentication profiles since you initially can only have them on per-domain basis. But then again how should the client know what to chose for the current user? Try each advertised mechanism and after 20 round trips finally find one that doesn't respond with an mechanism-too-error?

Which client does provide manual SASL mechanism choice so the user could select a more secure mechanism?

--
Tobias Markmann
http://ayena.de

References:
- [xmpp] SASL errors in 3920bis-03
  - From: Tobias Markmann
- Re: [xmpp] SASL errors in 3920bis-03
  - From: Alexey Melnikov

Prev by Date: Re: [xmpp] SASL errors in 3920bis-03
Next by Date: Re: [xmpp] SASL errors in 3920bis-03
Previous by thread: Re: [xmpp] SASL errors in 3920bis-03
Next by thread: Re: [xmpp] SASL errors in 3920bis-03
Index(es):
- Date
- Thread

Note Well: Messages sent to this mailing list are the opinions of the senders and do not imply endorsement by the IETF.