On Wed, 11 Sep 2019 at 16:33, Jonas Schäfer <jo...@wielicki.name> wrote:
> Title: Authorization Tokens
> URL: https://xmpp.org/extensions/inbox/auth-tokens.html

Long time participants, including Florian Schmaus (who suffered from this for ages) will probably guess what I'll say to this.

There is nothing particularly wrong about this. Some of it (the token management stuff) does belong in a XEP, though we have ways of doing this already (XEP-0399, and to some extent, XEP-0397), that I think are sufficiently close as to not really need anything radically different.

The token mechanism itself, being a SASL mechanism, is however entirely out of scope for the XSF to standardize - that would need to go through the IETF. In this instance, it's a straightforward copy of PLAIN - whether it needs a different mechanism at all is an interesting question and one I do not have the capability to answer, but the Kitten group at the IETF might well have opinions.

But equally, both Florian's existing HT-* and my CLIENT-KEY mechanism have both entered the void of the IETF's Kitten working group and sunk without trace, but they both have some useful security properties beyond PLAIN, so might be worth looking into.

This XEP will come up for a vote next week, and I will turn it down. But I'm entirely sold on the need for "something like this", and would be very grateful if you look at '399 and '397, as well as CLIENT-KEY and HT-* over at the IETF, and if you'd like to take over '399 I'd appreciate it.

Dave.