authmeth: re-fetching supportedSASLmechanisms
authmeth-08 section 3.3.5 says:
If the client is configured to support multiple SASL mechanisms, it
SHOULD fetch the supportedSASLmechanisms list both before and after
the SASL security layer is negotiated. This allows the client to
detect active attacks that remove supported SASL mechanisms from the
supportedSASLMechanisms list and allows the client to ensure that it
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
is using the best mechanism supported by both client and server.
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Delete the underlined text. It does not allow the client to ensure
that. The password has already been sent with a weaker mechanism by
the time the client discovers that a stronger mechanism is available.
--
Hallvard
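As an added illustration (not code from the draft or from Hallvard's message), the section 3.3.5 procedure modelled as a client that picks a mechanism from the first, unprotected read and then compares it against the re-fetched list; the mechanism names, preference order and lists are constructed sample data:

```python
# Added example, not from the authmeth draft or the message above.
# Models the section 3.3.5 check: fetch supportedSASLMechanisms before and
# after the SASL security layer is negotiated and compare the two lists.
# All mechanism names and lists are constructed sample data.

# Client's own preference order, strongest first (constructed, not normative).
CLIENT_PREFERENCE = ["GSSAPI", "DIGEST-MD5", "CRAM-MD5", "PLAIN"]


def choose_mechanism(server_mechs):
    """Pick the most preferred mechanism that the server also advertises."""
    for mech in CLIENT_PREFERENCE:
        if mech in server_mechs:
            return mech
    return None


def compare_mechanism_lists(used, before, after):
    """Compare the pre- and post-negotiation lists.

    'stripped' holds mechanisms that only showed up once the read was
    protected by the security layer, i.e. ones removed from the first list.
    'downgraded' is True when a stripped mechanism ranks above the one
    actually used. This is only known after the client has already
    authenticated with 'used', which is the point the message makes.
    """
    stripped = sorted(set(after) - set(before))
    rank = {m: i for i, m in enumerate(CLIENT_PREFERENCE)}
    used_rank = rank.get(used, len(CLIENT_PREFERENCE))
    downgraded = any(rank.get(m, used_rank) < used_rank for m in stripped)
    return {"used": used, "stripped": stripped, "downgraded": downgraded}


def run_check(before, after):
    """Walk the procedure: choose from the first list, then re-check."""
    used = choose_mechanism(before)
    return compare_mechanism_lists(used, before, after)


if __name__ == "__main__":
    # Constructed scenario: the unprotected first read was shortened.
    first_read = ["CRAM-MD5", "PLAIN"]
    protected_second_read = ["GSSAPI", "DIGEST-MD5", "CRAM-MD5", "PLAIN"]
    print(run_check(first_read, protected_second_read))
```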