
Re: [xmppwg] Last Call: 'XMPP Core' to Proposed Standard



"Kurt D. Zeilenga" <Kurt@OpenLDAP.org> writes:
> I concur with Alexey's recent comments regarding XMPP's SASL
> Profile.  I have a few additional concerns regarding this profile.
> The scope of my review was, due to time constraints, limited
> to the profile.
> 
> I am not sure why the document says that SASL and TLS security
> layers SHOULD NOT be enabled simultaneously (Section 6.2, rule 2),
> but this recommendation is, I believe, flawed.  There are numerous use
> cases where implementations SHOULD establish additional layers.
> For example, establishing additional SASL layers may prevent
> certain kinds of tunneling man-in-the-middle attacks.
Could you describe some of them?

-Ekr

-- 
[Eric Rescorla                                   ekr@rtfm.com]
                http://www.rtfm.com/