[jdev] Seeking jabber implementers for SCRAM-SHA-1 testing
dave at cridland.net
Tue Nov 3 03:07:44 CST 2009
On Tue Nov 3 06:33:09 2009, Simon Josefsson wrote:
> The latest release  of GNU SASL  has support for the new SASL
> mechanism SCRAM-SHA-1 and I'm trying to find interested jabber/XMPP
> implementers who are interested in testing how well it works in the
> protocol. Feel free to join discussions on help-gsasl at gnu.org, or
> e-mail me privately if you prefer.
> If someone else has implemented SCRAM-SHA-1 here, I would be
> in performing some interop testing with my implementation.
I have both an implementation of it and a suite of protocol
implementations that use it, including XMPP. (And IMAP, ESMTP, and -
naturally - ACAP). I added SCRAM to see how much harder it was than
DIGEST-MD5 - it turns out to be much, much easier. It's quite
possibly out of date WRT the spec, I did it during the last batch of
I believe that Alexey has the majority, at least, of a server-side
SCRAM-SHA-1 implementation for Cyrus SASL, too.
So in the short term, I can spin that up against whatever concrete
server you have that'll use SCRAM-SHA-1, I think. I believe it'll do
at least some forms of channel binding, too.
In the longer term, I'll try to push this code out, and quite
possibly tidy it up sufficiently to be useful to more than just me -
it's in a bit of a bad state at the moment.
Dave Cridland - mailto:dave at cridland.net - xmpp:dwd at dave.cridland.net
Infotrope Polymer - ACAP, IMAP, ESMTP, and Lemonade
More information about the JDev