On Wed, 24 Aug 2022 at 07:56, Daniel Gultsch <[email protected]> wrote:
> I now realize that I get hung up on PLAIN at little bit in my previous > e-mail. But what I was really saying is that ISR should allow any SASL > mechanism with HT-* being just one possible (although good) choice. > Right. HT is great, it really is, but the fundamentals of ISR will work with any SASL mechanism in principle. Using PLAIN isn't ideal, but there's a number of deployments constrained into using PLAIN - and probably plenty constrained into using a token-based 1-RTT mechanism too, which has similar outcomes. Furthermore it would even allow me to use HT-* without ISR. > This too. The whole client-key stuff was aimed in a similar direction to "HT-* without ISR". There's some entertaining work for someone in combining all this together more coherently than I managed. > WRT: Compressions. Dave in his email refers to it as XEP-0138 which is > why a Ctrl-F didn’t yield any results. To add to Daves points. Making > compression a SASL2 extension also fixes the somewhat weird issue > where the session can not be resumed and the server thus doesn’t know > if compression was enabled previously or not. It just makes > compression explicit rather than handwavey "if it was enabled > previously". > > Yeah, exactly this. As I said 4 years ago, SASL2 was built so we can negotiate everything at once without implicit negotiation, so we might as well use it. > And yes we are currently implementing it. That's why I’m providing > feedback on the XEP. And yes we are using it with compression and yes > we do terminate TLS early and can’t use HT-* and yes we use PLAIN for > regular logins too and therefor we don’t have an issue with the > "downgrade" in security. > (Well, you might have an issue, but not one you can address). And yes, been there, done that, do not have a t-shirt but do have a badge lanyard. BTW, aside: if you're able to use a pure token mechanism, you can basically pack the PLAIN response into a Fernet token or similar and keep the security model identical. And you *can* use HT-* still, then, because of the details of how GS2 TLS channel binding works, the server is always given the binding data and can just blind trust it. You don't get actual channel binding of course, but the authentication side still works. Although you may never stop crying silently. Dave.
_______________________________________________ Standards mailing list Info: https://mail.jabber.org/mailman/listinfo/standards Unsubscribe: [email protected] _______________________________________________
