-
love
hello
-
love
Stefan
-
moparisthebest
> if the server offers a method that simply does not work, I tend to think admin should get informed by user reports right away
> and not we fall silently back and problem is not discovered for eternity
> same story with direct and start tls
-
moparisthebest
lovetox: that's not at all the same story though
-
moparisthebest
With sasl mechanisms, you have a secure and authenticated connection to your trusted server
-
moparisthebest
If a network attacker blocks 1 of many connection methods and you don't try the rest, that's letting the attacker win
-
moparisthebest
No user ever wants to not connect when they could connect, right?
-
Sam Whited
moparisthebest: if an attacker blocks one method that could also be a downgrade attack; I'm all for preventing DOS's, but in the case of auth I'd say it's probably worth failing fast (depending on the mechanisms, their security levels, etc.)
-
Zash
If an attacker blocks one SASL method? You're already on pretty thin ice then.
-
moparisthebest
No I'm talking about connecting, not auth methods, I'm saying they are very different, not the same
-
Sam Whited
oh gotcha, yah, I tend to agree