On 18/03/2024 09.59, Daniel Gultsch wrote:
This message constitutes notice of a Last Call for comments on
XEP-0388.

Title: Extensible SASL Profile
Abstract:
This document describes a replacement for the SASL profile documented
in RFC 6120 which allows for greater extensibility.

URL: https://xmpp.org/extensions/xep-0388.html

This Last Call begins today and shall end at the close of business on
2024-04-01.

Please consider the following questions during this Last Call and send
your feedback to the [email protected] discussion list:

1. Is this specification needed to fill gaps in the XMPP protocol
stack or to clarify an existing protocol?

Yes.


2. Does the specification solve the problem stated in the introduction
and requirements?

Yes.


3. Do you plan to implement this specification in your code? If not,
why not?

No immediate plans, due to the lack of resources on my end. However, it is consensus that SASL2 and Bind2 are the frontier of current XMPP stream/session establishment and hence are, or at least will become, highly relevant. And the fundamental design of both is solid and incorporates our experience with the current design.


4. Do you have any security concerns related to this specification?

None at the moment.


5. Is the specification accurate and clearly written?


Just some random remarks:

- § 2.2 specifies that Base 64 encoding is used but does not reference the specification for Base 64. Also, there are multiple flavors of Base64; we may want to clarify which one is used.
- § 2.4 mandates that "Servers MUST disconnect Clients immediately if any other traffic is received". Should we allow Servers to send a stream:error with some helpful information about the cause for the disconnect prior to disconnecting?
- It would be nice if the mentioned RFCs in the document were actual linked references.
- § 7. says 'None' whereas this XEP introduces a new namespace 'urn:xmpp:sasl:2' which should be registered in the registrar's namespace registry (Yes, I know that the XSF registrar is not in a good shape, but still).

Thanks for working on SASL2.

- Florian



