[Psi-devel] account defaults don't work for google talk
remko at el-tramo.be
Thu Mar 1 13:30:42 PST 2007
> GOOGLE-TOKEN doesn't give us anything security wise. The api is
> plaintext over SSL. So we can use SASL PLAIN directly, nothing
> gained by going over https, only more possibility to get a SSL
> cert checking wrong.
GOOGLE-TOKEN never sends your username or password over the
connection. It gets a token out of band via https (which is secured
using certified certificates), and uses this token to authenticate. So
comparing it with PLAIN is not really correct AFAIK.
More information about the psi-devel