[jdev] Seeking jabber implementers for SCRAM-SHA-1 testing

Dave Cridland dave at cridland.net
Tue Nov 3 03:07:44 CST 2009

On Tue Nov  3 06:33:09 2009, Simon Josefsson wrote:
> The latest release [1] of GNU SASL [2] has support for the new SASL
> mechanism SCRAM-SHA-1 and I'm trying to find interested jabber/XMPP
> implementers who are interested in testing how well it works in the  
> protocol.  Feel free to join discussions on help-gsasl at gnu.org, or
> e-mail me privately if you prefer.
> If someone else has implemented SCRAM-SHA-1 here, I would be  
> interested
> in performing some interop testing with my implementation.

I have both an implementation of it and a suite of protocol  
implementations that use it, including XMPP. (And IMAP, ESMTP, and -  
naturally - ACAP). I added SCRAM to see how much harder it was than  
DIGEST-MD5 - it turns out to be much, much easier. It's quite  
possibly out of date WRT the spec, I did it during the last batch of  

I believe that Alexey has the majority, at least, of a server-side  
SCRAM-SHA-1 implementation for Cyrus SASL, too.

So in the short term, I can spin that up against whatever concrete  
server you have that'll use SCRAM-SHA-1, I think. I believe it'll do  
at least some forms of channel binding, too.

In the longer term, I'll try to push this code out, and quite  
possibly tidy it up sufficiently to be useful to more than just me -  
it's in a bit of a bad state at the moment.

Dave Cridland - mailto:dave at cridland.net - xmpp:dwd at dave.cridland.net
  - acap://acap.dave.cridland.net/byowner/user/dwd/bookmarks/
  - http://dave.cridland.net/
Infotrope Polymer - ACAP, IMAP, ESMTP, and Lemonade

More information about the JDev mailing list