[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [xmpp] SCRAM as MTI?

From: Justin Karneges <justin at affinix.com>
To: xmpp at ietf.org
Date: Tue, 15 Sep 2009 14:37:28 -0700
In-reply-to: <4AAFFA04.2080202 at stpeter.im>
References: <4AAE6984.8040201 at stpeter.im> <87r5u8o0vy.fsf at mocca.josefsson.org> <4AAFFA04.2080202 at stpeter.im>

On Tuesday 15 September 2009 13:33:08 Peter Saint-Andre wrote:
> On 9/15/09 6:20 AM, Simon Josefsson wrote:
> > To use SCRAM (or CRAM-MD5 or DIGEST-MD5) you need a secure channel.  If
> > you used DIGEST-MD5 with security layers you will need SCRAM+TLS
> > instead.  SCRAM does not provide any SASL security layers.  I hope you
> > weren't using DIGEST-MD5 security layers, because they weren't that
> > good...
>
> As mentioned, I don't think that anyone was using DIGEST-MD5 security
> layers in XMPP. If I'm wrong about that I'd love to be corrected.

Psi supports this feature but nobody knows it.  You have to pair the client 
with cyrus-sasl, which is not how we ship by default.

I'm not aware of anyone using DIGEST-MD5 security layers in practice.  That's 
a shame, because I do think it's a useful feature.  Even if the security 
isn't that good, it's certainly better than unchecked TLS (something people 
still do today).

-Justin

References:
- [xmpp] SCRAM as MTI?
  - From: Peter Saint-Andre
- Re: [xmpp] SCRAM as MTI?
  - From: Simon Josefsson
- Re: [xmpp] SCRAM as MTI?
  - From: Peter Saint-Andre

Prev by Date: Re: [xmpp] SCRAM as MTI?
Next by Date: Re: [xmpp] SCRAM as MTI?
Previous by thread: Re: [xmpp] SCRAM as MTI?
Next by thread: Re: [xmpp] SCRAM as MTI?
Index(es):
- Date
- Thread

Note Well: Messages sent to this mailing list are the opinions of the senders and do not imply endorsement by the IETF.