On 1/31/19 8:58 AM, Jonas Schäfer wrote:
> So since during the summit, it was desired to have a breaking change to SASL2
> (that’s rare, isn’t it?), I have two suggestions for things which could use
> fixing and which could trigger a namespace bump and one thing which should be
> mentioned independently:
>
> 1. xml:lang on <text/>: The error messages could use xml:lang support, like
> stanza and RFC 6120 sasl errors do (with multiple <text/> elements in
> different languages).
>
> 2. Is there a particular reason why the <tasks/> thing uses plain strings as
> its values instead of a mechanism like <stream:features/>, where namespaced
> elements with possible child elements / text are used?
>
> 3. We should mention in the security considerations that clients should be
> careful which requests they include in the initial <authenticate/> especially
> when no transport security is in use; if the SASL method allows mutual
> authentication (e.g. SCRAM), a client might find that they’re not actually
> connected to the server and have just sent possibly private data to them.

That all seems reasonable.

Peter
_______________________________________________
Standards mailing list
Info: https://mail.jabber.org/mailman/listinfo/standards
Unsubscribe: standards-unsubscr...@xmpp.org
_______________________________________________