jdev - 2020-12-27

  1. Sam Whited

    > If the initiating entity subsequently sends another <auth/> element and the ongoing authentication handshake has not yet completed, the receiving entity MUST discard the ongoing handshake and MUST process a new handshake for the subsequently requested SASL mechanism.

    Does anyone have any idea why this is? It seems like a bad idea (and anything that's just a throw-away sentence in an RFC with no explanation modifying something security critical like authentication makes me nervous)

  2. defanor

    The failure handling section (6.4.5) sounds like it is for that, possibly just saving an explicit abort by allowing one to start over before it's completed/aborted.

  3. Sam Whited

    ahhh, yah, I missed that it's mentioned again later on. Using it for retries makes sense.

    Thanks, even