On 12/05/2026 13.28, Florian Schmaus wrote:
I've uploaded draft-ietf-kitten-sasl-ht-01. The major changes since the
adoption by the Kitten WG are
- the introduction of a response status byte to indicate success or
  failure responses
- the capability to transmit authenticated key/value pairs in the
  exchanged messages (e.g., for XEP-0474 [1])
SASL-HT is already deployed using an older and incompatible version of
the I-D in some parts of the XMPP ecosystem. Therefore, we probably need
to adjust the SASL Mechanism Name to avoid interoperability issues. For
example, from
HT-SHA-512-ENDP
to
HT2-SHA-512-ENDP
Please forgive my lack of creativity regarding the new name. Suggestions
on a more creative naming schema that is in-line with the constraints of
SASL Mechanism names are appreciated.
And, of course, feedback in general is welcomed.
I am going to ask the Kitten WG chair to initiate the next step for
SASL-HT this week. Therefore, *now* would be a good time for feedback.
FAST (XEP-0484) is currently using draft-schmaus-kitten-sasl-ht-09. The
diff between this version and the latest can be viewed via
https://author-tools.ietf.org/iddiff?url1=draft-schmaus-kitten-sasl-ht-09&a…
The latest version of sasl-ht uses the HT2-* prefix for its SASL
mechanism name, instead of the HT-* prefix used by version -09. This
name adjustment was necessary because the wire protocol changed
slightly. It is perfectly fine for XEP FAST to continue using -09.
Support for HT2-*, and its advantages, like support for SASL downgrade
protection, can be deployed alongside it at a later time (and shouldn't
require any changes to XEP FAST).
- Flow