On 9/18/12 11:16 AM, Hannes Tschofenig wrote:
> Here is my impression: Since the community OAuth specification
> allowed the usage of PLAIN without TLS there is most likely still a
> lot of code out there that uses it without any confidentiality
> protection (which is obviously very insecure).

Indeed.

> (Btw, the current XMPP OAuth XEP is also insecure...)

Calling it "current" is a bit of a stretch. :) It was deferred for
inactivity quite some time ago. At this point, any use of OAuth in XMPP
would likely be based on the SASL mechanism.

Peter