This is great stuff, thanks Peter! I'd love it if we could use jabber.org more; it's easy to forget that we have a great source of data about the network at our fingertips.
Given how small the percentage of logins over CRAM-MD5 and XEP-0078 are, can we disable those? Anything under 10% feels worth killing to me. —Sam On Thu, Aug 9, 2018, at 10:24, Peter Saint-Andre wrote: > Out of curiosity, I recently looked at successful logins on jabber.org > over a series of days (all over TLS, of course). The methods used were: > > SCRAM-SHA-1 46.68% > DIGEST-MD5 38.65% > SASL PLAIN 10.03% > plaintext (XEP-0078) 3.97% > CRAM-MD5 0.67% > > It's interesting that DIGEST-MD5 is still so widely used, despite > interoperability problems over the years. And 4% use of XEP-0078 > indicates that there are still some really old clients out there (it's > been almost 14 years since the publication of RFC 3920). _______________________________________________ Standards mailing list Info: https://mail.jabber.org/mailman/listinfo/standards Unsubscribe: [email protected] _______________________________________________
