[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [xmpp] SCRAM as MTI?

From: Fabio Forno <fabio.forno at gmail.com>
To: Peter Saint-Andre <stpeter at stpeter.im>
Cc: XMPP <xmpp at ietf.org>
Date: Tue, 15 Sep 2009 14:15:39 +0200
In-reply-to: <4AAE6984.8040201 at stpeter.im>
References: <4AAE6984.8040201 at stpeter.im>

2009/9/14 Peter Saint-Andre <stpeter at stpeter.im>:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> The SASL SCRAM mechanism is currently in IETF Last Call:
>
> http://www.ietf.org/internet-drafts/draft-ietf-sasl-scram-07.txt
>
> This mechanism is intended to replace DIGEST-MD5. Does it make sense for
> the XMPP WG to specify SCRAM as mandatory-to-implement?

Does SCRAM support a digest based auth like DIGEST-MD5 or, better,
does it allow secure authentication over an unsecure channel? In that
case definitively yes, since there many case in which I don't need
TLS, but at least i want to protect my credentials.

-- 
Fabio Forno, Ph.D.
Bluendo srl http://www.bluendo.com
jabber id: ff at jabber.bluendo.com

Follow-Ups:
- Re: [xmpp] SCRAM as MTI?
  - From: Simon Josefsson

References:
- [xmpp] SCRAM as MTI?
  - From: Peter Saint-Andre

Prev by Date: Re: [xmpp] SCRAM as MTI?
Next by Date: Re: [xmpp] SCRAM as MTI?
Previous by thread: Re: [xmpp] SCRAM as MTI?
Next by thread: Re: [xmpp] SCRAM as MTI?
Index(es):
- Date
- Thread

Note Well: Messages sent to this mailing list are the opinions of the senders and do not imply endorsement by the IETF.