Dave Cridland wrote:
> Just a quick note on the just-ended SASL WG meeting at IETF70, which I
> listened to and read through on the chatroom. Of importance to XMPP/XSF:
>
> DIGEST-MD5 is likely to be made historic soon - the document will be
> going to working group last call very shortly. This is okay, I think as...

I don't think we have strenuous objections from the XMPP community,
though I wish we'd known back in ~2003 that it would be deprecated....

> SCRAM is looking near completion,

That is:

http://www.tools.ietf.org/html/draft-newman-auth-scram-04

> however there is a significant
> proportion of the WG which would like to see it as a GS2 (ie, GSSAPI)
> mechanism, exposed through SASL. I'm personally a little nervous about
> this, I'm thinking in particular that this may cause additional
> implementation complexity. If you have a strong opinion either way, you
> may wish to join the WG and make your feelings known.

I'm not knowledgeable enough to have strong feelings yet, though
naturally I prefer to minimize complexity. :)

> There was also a discussion about legacy authentication mechanisms, and,
> in particular, how clients ought to choose between (for example) a
> legacy plaintext mechanism like XEP-0078 and SASL PLAIN. The consensus
> seemed to be that it's up to the protocol to tell clients what to do. I
> think XEP-0078 covers us for this - it clearly states it's deprecated -
> but we may want to review that and double-check.

I didn't see that in the logs.

> Finally, I had an interesting chat with Nico Williams on channel
> binding, which might help people understand that area of security a
> little better. It's at the end of the logs, which I can't quite recall a
> URL for, but I'll dig one out if anyone wants it.

Any chance that someone will write up the results of that exchange into
more readable text? Perhaps rfc5056bis is already on the way? ;-)

Peter

--
Peter Saint-Andre
https://stpeter.im/
