You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
@@ -205,7 +205,7 @@ This allows to pin the token to a the SASL mechanism, which increases the securi
To be secure, the HT mechanism **MUST** be used over a TLS channel that has had the session hash extension [@!RFC7627] negotiated, or session resumption **MUST NOT** have been used.
It is RECOMMENDED that implementations peridically require a full authentication using a strong SASL mechanism which does not use the SASL-HT token.
It is **RECOMMENDED** that implementations peridically require a full authentication using a strong SASL mechanism which does not use the SASL-HT token.
It is of vital importance that the SASL-HT token is generated by a cryptographically secure random generator. See [@!RFC4086] for more information about Randomness Requirements for Security.
