You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@mina.apache.org by "Niklas Gustavsson (JIRA)" <ji...@apache.org> on 2011/06/28 22:12:17 UTC

[jira] [Commented] (VYSPER-288) Announcing in-band registration although StartTLS might be required (first)

    [ https://issues.apache.org/jira/browse/VYSPER-288?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13056733#comment-13056733 ] 

Niklas Gustavsson commented on VYSPER-288:
------------------------------------------

Depending on what we mean by default, it is enabled in org.apache.vysper.xmpp.server.ServerMain. I would support removing it as enabled in that class, as well as only support it over TLS (if that works with the common clients). Let me know if you want me to work on this.

> Announcing in-band registration although StartTLS might be required (first)
> ---------------------------------------------------------------------------
>
>                 Key: VYSPER-288
>                 URL: https://issues.apache.org/jira/browse/VYSPER-288
>             Project: VYSPER
>          Issue Type: Bug
>            Reporter: Bernd Fondermann
>            Priority: Blocker
>
> Right now, in-band registration is announced before a mandatory switch to TLS has been accomplished.
> I think we should not do that. However, I don't know if the feature still works over TLS. But I'd strongly suspect so, because, hey, it's a registration.
> After crossreading XEP-0077, I don't see why we should allow for doing regs over an unencrypted wire.
> WDYT?
> (Marking as a blocker, because of potential security implications. However, in-band is not enabled by default, is it?)

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira