On Mar 26, 2008, at 5:11 AM, Alexey Melnikov wrote:

- If not, and we can use a negotiated security layer, what happens
when you try to switch to a SASL mechanism that doesn't support that
security layer?

If the client's minimum security level requires a security layer, then the client should never pick a mechanism that does not have one.

Exactly. The client should require some minimal security layer from TLS and/or SASL.

My point is what happens if the first (failing) mechanism had negotiated a security layer as a prelude to doing authentication? Is that security layer still in effect when you try the new mechanism? If the new mechanism negotiates its own security layer, will there be multiple layers in effect?

--
Joe Hildebrand
