felixauringer commented on PR #3049:
URL: https://github.com/apache/james-project/pull/3049#issuecomment-4545144091

   > My interpretation was SASL = AUTH hence the code. I disregarded "security 
layer"
   
   That was mine too, at first. However, the *real* SASL security layers seem 
to be very rarely used nowadays. If you search for `security layer` in SASL 
RFCs, you'll find that most do not provide a security layer.
   
   RFC 4616 (SASL PLAIN):
   
   > The PLAIN SASL mechanism does not provide a security layer.
   
   RFC 7628 (SASL OAUTHBEARER):
   
   > SASL mechanisms using this document as their definition do not provide a 
data security layer; that is, they cannot provide integrity or confidentiality 
protection for application messages after the initial authentication.
   
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to