On May 13, 2011, at 13:02, Glenn Maynard wrote:

> On Fri, May 13, 2011 at 1:54 PM, Matthew A. Miller <[email protected]> wrote:
> > Yes, "service domain" == "domainpart" in this context. This is the general consensus for all XMPP authentication.
>
> Is there anywhere these general consensuses are documented? As an implementor, it's painful having to wade through mailing lists trying to figure out these things that aren't fully specced, and as a user it's hard to report bugs when there's nowhere authoritative (much less normative) to point to in bug reports.

This used to be sort of documented in a "Tao of XMPP" wiki site, that I can't find again. /sigh

> Looking briefly at what Pidgin's XMPP implementation passes to Cyrus, 1: for direct, non-SRV-discovered XMPP, the JID domainpart and the hostname are the same it uses the JID domainpart (which is the same as the hostname in this case anyway); 2: for direct, non-SRV XMPP where the user has specified a different XMPP to connect to than his JID domainpart (eg. Gtalk), it uses the specified hostname; 3: for SRV discovery, it uses the SRV-discovered hostname; 4: for BOSH, it uses the hostname of the BOSH server. So, not all implementors seem aware of this consensus...

This is the second biggest reason why SCRAM is better than DIGEST-MD5. I will note that many server-side implementations of DIGEST-MD5 don't try to validate the service URL.

- m&m
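The following is an added example, not code from this thread, Pidgin, Cyrus or any XMPP server. It computes the RFC 2831 DIGEST-MD5 response for the four hostname choices listed in the quoted message and checks each against a modelled server that binds the digest-uri to `xmpp/<domainpart>`, and against one that skips the check. All hostnames, credentials and nonces are constructed sample values, and `server_accepts` is a hypothetical model of the server side.

```python
import hashlib
import hmac

def _md5(data: bytes) -> bytes:
    return hashlib.md5(data).digest()

def digest_md5_response(user, realm, password, nonce, cnonce, digest_uri,
                        nc="00000001", qop="auth"):
    """RFC 2831 response value for qop=auth with no authzid."""
    a1 = _md5(f"{user}:{realm}:{password}".encode()) + f":{nonce}:{cnonce}".encode()
    a2 = f"AUTHENTICATE:{digest_uri}".encode()
    kd = f"{_md5(a1).hex()}:{nonce}:{nc}:{cnonce}:{qop}:{_md5(a2).hex()}"
    return _md5(kd.encode()).hex()

# Constructed sample values (assumptions, not taken from the thread).
JID_DOMAINPART = "example.com"
CREDS = dict(user="juliet", realm="example.com", password="constructed-password",
             nonce="c2VydmVyLW5vbmNl", cnonce="Y2xpZW50LW5vbmNl")
# Hostname the client puts in digest-uri for each of the four quoted cases.
CLIENT_HOSTS = {
    "1 direct, host == domainpart": "example.com",
    "2 user-specified connect host": "talk.example.net",
    "3 SRV-discovered host": "xmpp1.example.com",
    "4 BOSH server host": "bosh.example.org",
}

def server_accepts(client_uri: str, client_response: str, validate_uri: bool) -> bool:
    """Hypothetical server model: a validating server recomputes the response
    with its own service name; a lax one trusts the client-supplied digest-uri."""
    uri = f"xmpp/{JID_DOMAINPART}" if validate_uri else client_uri
    expected = digest_md5_response(digest_uri=uri, **CREDS)
    return hmac.compare_digest(client_response, expected)

def survey(validate_uri: bool) -> dict:
    """Outcome of each client choice against the modelled server."""
    results = {}
    for case, host in CLIENT_HOSTS.items():
        uri = f"xmpp/{host}"
        response = digest_md5_response(digest_uri=uri, **CREDS)
        results[case] = server_accepts(uri, response, validate_uri)
    return results

if __name__ == "__main__":
    for mode in (True, False):
        print("server validates digest-uri:", mode)
        for case, ok in survey(mode).items():
            print(f"  {case}: {'accepted' in [] or ('accepted' if ok else 'rejected')}")
```

With correct credentials in every case, only the client that sends the JID domainpart authenticates against the validating server, while the lax server accepts all four, which is why the interoperability problem can go unnoticed.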
