We heavily use XEP-0114 (Jabber Components). This is currently only historical and not actually a standards track. I wanted to check if anyone knows why this is and I wanted to check if there is any movement related to updated the specification to support TLS and SASL. I don't see why the component and server couldn't exchange features to determine is TLS is supported and what sasl mechanisms are.
The one big thing I can think of is that current servers wouldn't support any direct changes so either a separate extension would need to be written to provide this updated version, so as not to break with current implementations, or the process would need to be more manual and not rely on the server doing some things automatically. I am curious what peoples thoughts are on this or if anyone has already started looking in to this. As I said, we use components often and having them be secured is becoming more and more an issue. Thanks, Todd