On 05/25/2006 6:34 AM (!), Dave Cridland wrote:
> On Thu May 25 12:58:21 2006, Norman Rasmussen wrote:
>> mmm, all true.
>
> Trouble is with security, it's hard to know which parts are paranoia,
> and which are sound precautions.
>
>> Either way Ulrich's users are going to have to provide
>> their password in 'plain' format at least once to start using jabber.
>> (either via a script on the web-site or via sasl or iq plain)
>
> Yes.
>
> I can't actually find anything in RFC3920 about transitioning, though.
> As far as I know, only ACAP and POP3 have the signalling required. It's
> possible that the thinking has changed on whether transitioning is
> "good" or not, though, I shall find out.
>
> Transitioning might be something to raise during RFC3920bis development,
> perhaps.

Dave, did you ever look into this further?

Peter

--
Peter Saint-Andre
https://stpeter.im/


_______________________________________________
JDev mailing list
FAQ: http://www.jabber.org/discussion-lists/jdev-faq
Forum: http://www.jabberforum.org/forumdisplay.php?f=20
Info: http://mail.jabber.org/mailman/listinfo/jdev
Unsubscribe: JDev-unsubscribe (AT) jabber (DOT) org
_______________________________________________