We are currently looking into implementing serverless messaging. The specification and XMPP: The Definitive Guide both mention that serverless messaging does not use SASL or TLS by default, so it isn't secure. Has anyone looked into an appropriate way to implement this functionality? I get TLS, but I am a little confused by SASL, since it would require having user names and passwords stored, which seems to almost contradict the point of serverless messaging.
Any thoughts? ~ Todd Herman