Andrew Plotkin wrote:
> I implemented this months ago, and it worked, but I never fully tested
> it with non-ASCII usernames and passwords. Now I'm running into a
> problem, and I don't know whether it's my fault.
>
> The SASL Digest document (rfc2831) says, in section 2.1.2.1:
>
>    The "username-value", "realm-value" and "passwd" are encoded
>    according to the value of the "charset" directive. If "charset=UTF-8"
>    is present, and all the characters of either "username-value" or
>    "passwd" are in the ISO 8859-1 character set, then it must be
>    converted to ISO 8859-1 before being hashed.
>
> If I follow this instruction, authentication doesn't work. (I mean, it
> doesn't work for usernames that contain characters in the 128-255 range.
> If everything fits in ASCII, the two encodings are identical and
> everything works. If there's a character beyond 255, the quoted
> instruction doesn't apply and everything still works.)
>
> If I ignore the instruction (and never convert to 8859-1), then
> authentication works in all cases.
>
> (I tested this against our own ejabberd server and against jabber.org.)
>
> So, did I screw up the implementation somewhere? Is ejabberd behaving
> badly? Or should I be ignoring that line of the spec? (That would surely
> be the easy way out, since it leads to my code working.)

Ick, I never noticed that conversion to 8859-1 before. XMPP is all UTF-8
so the 8859-1 conversion seems wrong for us. But I'll seek clarification
from the SASL folks.

Peter

--
Peter Saint-Andre
Jabber Software Foundation
http://www.jabber.org/people/stpeter.shtml
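An added illustration, not part of either message above and not code from any implementation named in the thread: it computes the inner DIGEST-MD5 hash H(username:realm:passwd) once with the quoted section 2.1.2.1 conversion and once with UTF-8 throughout, to show which inputs make a rule-following client and a UTF-8-only server disagree. The function names and sample credentials are constructed; leaving the realm in UTF-8 is an assumption based on the quoted paragraph, which names only the username and passwd for conversion.

```python
import hashlib


def encode_field(value: str, follow_rule: bool) -> bytes:
    """Encode a username or passwd for hashing when charset=UTF-8 is present.

    With follow_rule=True, apply the conversion quoted from RFC 2831
    section 2.1.2.1: if every character fits in ISO 8859-1, hash the
    ISO 8859-1 bytes; otherwise the rule does not apply and UTF-8 is used.
    """
    if follow_rule:
        try:
            return value.encode("iso-8859-1")
        except UnicodeEncodeError:
            pass  # at least one character is above U+00FF
    return value.encode("utf-8")


def user_realm_pass_hash(username, realm, passwd, follow_rule):
    """Hex MD5 of username:realm:passwd, the inner hash of A1."""
    parts = [
        encode_field(username, follow_rule),
        realm.encode("utf-8"),  # assumption: realm is not converted
        encode_field(passwd, follow_rule),
    ]
    return hashlib.md5(b":".join(parts)).hexdigest()


def encodings_agree(username, realm, passwd):
    """True if a rule-following peer and a UTF-8-only peer compute the same hash."""
    return (user_realm_pass_hash(username, realm, passwd, True)
            == user_realm_pass_hash(username, realm, passwd, False))


# Constructed sample credentials covering the three cases in the thread.
SAMPLES = [
    ("alice", "example.org", "secret"),    # pure ASCII
    ("jos\u00e9", "example.org", "secret"),  # U+00E9, in the 128-255 range
    ("\u0141ukasz", "example.org", "secret"),  # U+0141, beyond 255
]

if __name__ == "__main__":
    for user, realm, pw in SAMPLES:
        print(f"{user!r}: same hash = {encodings_agree(user, realm, pw)}")
```

Only the middle sample produces different hashes, which matches the failure pattern reported in the quoted message: both peers must make the same encoding choice or the response digest will not verify.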
