Re: [Standards] XEP-0388 (SASL2) Update

2017-08-15 Thread Dave Cridland
On 15 August 2017 at 17:08, Sam Whited  wrote:
> On Tue, Aug 15, 2017, at 10:12, Dave Cridland wrote:
>> *  now talks about "tasks" rather than special SASL
>> mechanisms. Tasks have essentially the same interface as SASL mechs,
>> but do different things - trying to shoehorn them into the same thing
>> wasn't mentally working for me, and for some reason everything got
>> simpler after I stopped pretending.
>
> These do seem like the same thing to me (although I don't have a strong
> opinion on this either way); what are the differences as you see them?

You can't use the post authentication tasks as normal SASL mechanisms,
and normal SASL mechanisms don't work as tasks either.

For example, a normal SASL mechanism decides what authorization
identifier to use; a task can't change that, and uses that as input.

So using a stock SASL framework, like Java's or Cyrus, to drive these
just breaks everywhere.

Dave.
___
Standards mailing list
Info: https://mail.jabber.org/mailman/listinfo/standards
Unsubscribe: standards-unsubscr...@xmpp.org
___


Re: [Standards] XEP-0388 (SASL2) Update

2017-08-15 Thread Sam Whited
On Tue, Aug 15, 2017, at 10:12, Dave Cridland wrote:
> *  now talks about "tasks" rather than special SASL
> mechanisms. Tasks have essentially the same interface as SASL mechs,
> but do different things - trying to shoehorn them into the same thing
> wasn't mentally working for me, and for some reason everything got
> simpler after I stopped pretending.

These do seem like the same thing to me (although I don't have a strong
opinion on this either way); what are the differences as you see them?

—Sam


[Standards] XEP-0388 (SASL2) Update

2017-08-15 Thread Dave Cridland
GitHub PR: https://github.com/xsf/xeps/pull/493

Folks,

I've had a bit of a crack at implementing SASL2 in Openfire, with a
view to getting "Password change at next login" and (in the future)
TOTP support in place around SASL2. I've also implemented it in
stanza.io.

In the course of this, I found various things about the design which
either didn't work, or else caused rather more effort than I really
wanted.

The main changes I've made are:

* I did away with the "=" encoding for empty strings. It was daft, as
Alexey suggested, and wasn't required.
*  is now followed immediately by .
Otherwise it's very hard to decide what to do next. There's no stream
restart, so this is still keeping the RTTs down.
*  now talks about "tasks" rather than special SASL
mechanisms. Tasks have essentially the same interface as SASL mechs,
but do different things - trying to shoehorn them into the same thing
wasn't mentally working for me, and for some reason everything got
simpler after I stopped pretending.

These changes made it fairly straightforward to implement.

Comments welcome...

Dave.
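The following is an added illustration, in Python, of the distinction Dave draws in his reply above (a SASL mechanism decides the authorization identifier, while a task receives it as input and cannot change it) together with the two post-authentication uses named in the original post (password change at next login, and TOTP). It is not code from XEP-0388, Openfire or stanza.io and does not use the XEP's wire format: the credential store, the PLAIN-style mechanism, the task classes, `required_tasks()`, `authenticate()` and `stock_sasl_driver()` are all constructed here for the example.

```python
import hashlib
import hmac
import struct
import time
from copy import deepcopy

# Constructed credential store for the example (not a real deployment).
USERS = {
    "alice@example.net": {
        "password": "correct horse battery staple",
        "totp_secret": b"12345678901234567890",  # RFC 6238 test-vector secret
        "must_change_password": True,
    },
}


def fresh_users():
    """Private copy of the store, since PasswordChangeTask mutates it."""
    return deepcopy(USERS)


def hotp(secret, counter, digits=6):
    """RFC 4226 HOTP: HMAC-SHA1 over the big-endian counter, dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


class SaslPlain:
    """Server side of a PLAIN-style mechanism (constructed for the example).
    step(client_bytes) -> (state, server_bytes). On success the mechanism has
    *decided* the authorization identifier; nothing downstream may change it."""

    def __init__(self, users):
        self.users = users
        self.authzid = None

    def step(self, client_data):
        try:
            authzid, authcid, password = client_data.split(b"\x00")
        except ValueError:
            return "failure", b"malformed"
        user = self.users.get(authcid.decode())
        if user is None or not hmac.compare_digest(user["password"].encode(), password):
            return "failure", b"not-authorized"
        # Empty authzid means "act as the authenticated user"; no proxy auth in this toy.
        requested = authzid.decode() or authcid.decode()
        if requested != authcid.decode():
            return "failure", b"invalid-authzid"
        self.authzid = requested
        return "success", b""


class Task:
    """Post-authentication task: same step() shape as a mechanism, but the
    authorization identifier is an *input* fixed before the task exists."""

    def __init__(self, authzid, users):
        self.authzid = authzid
        self.users = users


class TotpTask(Task):
    def __init__(self, authzid, users, now=None):
        super().__init__(authzid, users)
        self.now = time.time() if now is None else now

    def step(self, client_data):
        secret = self.users[self.authzid]["totp_secret"]
        counter = int(self.now // 30)
        # Accept one 30-second step either side for clock drift.
        for c in (counter - 1, counter, counter + 1):
            if c >= 0 and hmac.compare_digest(hotp(secret, c).encode(), client_data):
                return "success", b""
        return "failure", b"bad-code"


class PasswordChangeTask(Task):
    def step(self, client_data):
        if len(client_data) < 12:
            return "failure", b"password-too-short"
        user = self.users[self.authzid]
        user["password"] = client_data.decode()
        user["must_change_password"] = False
        return "success", b""


def required_tasks(authzid, users, now=None):
    """Server policy: tasks that must run after authentication for this user."""
    tasks = [TotpTask(authzid, users, now)]
    if users[authzid]["must_change_password"]:
        tasks.append(PasswordChangeTask(authzid, users))
    return tasks


def authenticate(users, client_messages, now=None):
    """Run the mechanism, then the tasks it unlocked. client_messages is the
    scripted client side: the initial response, then one response per task.
    Returns (outcome, authzid, names_of_tasks_run)."""
    msgs = iter(client_messages)
    mech = SaslPlain(users)
    state, _ = mech.step(next(msgs))
    if state != "success":
        return state, None, []
    authzid = mech.authzid  # decided once by the mechanism, then read-only
    run = []
    for task in required_tasks(authzid, users, now):
        run.append(type(task).__name__)
        state, _ = task.step(next(msgs))
        if state != "success":
            return state, authzid, run
    return "success", authzid, run


def stock_sasl_driver_accepts(factory, users, client_data):
    """Generic SASL-framework shape: build the mechanism from nothing, step it,
    then ask who got authorized. A task cannot be driven this way because it
    needs the identity *before* its first step, so construction fails."""
    try:
        mech = factory(users)
    except TypeError:
        return False
    mech.step(client_data)
    return True
```

Note that `authenticate()` never lets a task return an identity: the only outputs a task has are done, continue or failure for the identifier it was handed, which is exactly why a task dropped into a mechanism-shaped driver such as `stock_sasl_driver_accepts()` has nothing to construct itself from.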