[Psi-devel] Some login/sasl questions for 0.11
textshell-I1QKlO at neutronstar.dyndns.org
textshell-I1QKlO at neutronstar.dyndns.org
Sun Feb 4 10:22:39 PST 2007
I asked these on the MUC, but remko wanted the discussion to be here.
1) do we want double encryption (TLS and SASL based at the same time)
we currently do double encryption, but i think it's not a great idea.
i think changing psi to don't double encrypt would be easy. I can
try to write a patch for that *if* that's what should be done.
2) does auth-int (that is SASL based connection integrety support
(aka signing stuff send over the wire)) still show up the same
as encrypted connections? If so, is that ok?
I guess this needs testing. Matthias Wimmer mentioned this
when we debugged psi+cyrus and jabberd1.6 interop
3) do we want to have a allow plaintext login over encrypted streams
option? (or change current allow plaintext to mean that).
some start of a discussion at
http://chatlogs.jabber.ru/psi%40conference.jabber.ru/2007/02/04.html#20:55:18
I think a
Allow Plaintext: [Over encrypted session | Always | Never]
would be best. But maybe we just don't need this.
- Martin
More information about the psi-devel
mailing list