On Jan 25, 2013, at 7:08 AM, Winfried Tilanus wrote:
> Hi,
>
> And now we are talking about XEP-0198, I think the security
> considerations should take some more situations in account for the
> session hijacking protection. When properly and securely authenticated,
> the authentication is enoug
Hi,
And now we are talking about XEP-0198, I think the security
considerations should take some more situations in account for the
session hijacking protection. When properly and securely authenticated,
the authentication is enough protection against sesion hijacking. But
when using SASL-Anonymous