Uploaded image for project: 'VYSPER'
  1. VYSPER
  2. VYSPER-288

Announcing in-band registration although StartTLS might be required (first)

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Closed
    • Blocker
    • Resolution: Fixed
    • None
    • 0.8
    • None
    • None

    Description

      Right now, in-band registration is announced before a mandatory switch to TLS has been accomplished.
      I think we should not do that. However, I don't know if the feature still works over TLS. But I'd strongly suspect so, because, hey, it's a registration.

      After crossreading XEP-0077, I don't see why we should allow for doing regs over an unencrypted wire.

      WDYT?

      (Marking as a blocker, because of potential security implications. However, in-band is not enabled by default, is it?)

      Attachments

        Activity

          People

            niklas Niklas Therning
            brainlounge Bernd Fondermann
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: