>> Using DIGEST-MD5 or PLAIN for interconnection between servers would
>> mean
>> that EVERY PAIR of jabber servers would have to agree on a shared
>> secret. That's very much impractical.
> True, thats why I believe that something should be done to facilitate
> it. Otherwise, how about having TLS+SASL ANONYMOUS for s2s then?
Doesnt that open you up to forgery (and thus forged spam)? Or is the TLS
enough to protect against that?
Right. And If the servers do mutual auth using TLS, then might as
well go for EXTERNAL
Huh, right to which? Does it open you up to forgery or not, and if TLS is
enough to prevent forgery on its own then why arnt we just using that on its
own without SASL?
Richard
