Dave Cridland wrote: > Just a quick note on the just-ended SASL WG meeting at IETF70, which I > listened to and read through on the chatroom.
Thanks for the note. Unfortunately I was travelling at the time and unable to attend in person. > Of importance to XMPP/XSF: > > DIGEST-MD5 is likely to be made historic soon - the document will be > going to working group last call very shortly. This is okay, I think as... > > SCRAM is looking near completion, however there is a significant > proportion of the WG which would like to see it as a GS2 (ie, GSSAPI) > mechanism, exposed through SASL. I'm personally a little nervous about > this, I'm thinking in particular that this may cause additional > implementation complexity. If you have a strong opinion either way, you > may wish to join the WG and make your feelings known. > > There was also a discussion about legacy authentication mechanisms, and, > in particular, how clients ought to choose between (for example) a > legacy plaintext mechanism like XEP-0078 and SASL PLAIN. The consensus > seemed to be that it's up to the protocol to tell clients what to do. I > think XEP-0078 covers us for this - it clearly states it's deprecated - > but we may want to review that and double-check. > > Finally, I had an interesting chat with Nico Williams on channel > binding, which might help people understand that area of security a > little better. It's at the end of the logs, which I can't quite recall a > URL for, but I'll dig one out if anyone wants it. http://www.ietf.org/meetings/ietf-logs/sasl/2007-12-05.html Peter -- Peter Saint-Andre https://stpeter.im/
smime.p7s
Description: S/MIME Cryptographic Signature
