[jdev] Seeking jabber implementers for SCRAM-SHA-1 testing
simon at josefsson.org
Tue Nov 3 03:48:44 CST 2009
Dave Cridland <dave at cridland.net> writes:
> On Tue Nov 3 06:33:09 2009, Simon Josefsson wrote:
>> The latest release  of GNU SASL  has support for the new SASL
>> mechanism SCRAM-SHA-1 and I'm trying to find interested jabber/XMPP
>> implementers who are interested in testing how well it works in the
>> protocol. Feel free to join discussions on help-gsasl at gnu.org, or
>> e-mail me privately if you prefer.
>> If someone else has implemented SCRAM-SHA-1 here, I would be
>> in performing some interop testing with my implementation.
> I have both an implementation of it and a suite of protocol
> implementations that use it, including XMPP. (And IMAP, ESMTP, and -
> naturally - ACAP). I added SCRAM to see how much harder it was than
> DIGEST-MD5 - it turns out to be much, much easier. It's quite
> possibly out of date WRT the spec, I did it during the last batch of
We'll find out. :-)
> I believe that Alexey has the majority, at least, of a server-side
> SCRAM-SHA-1 implementation for Cyrus SASL, too.
He told me it was only SCRAM-MD5, at least some time ago.
> So in the short term, I can spin that up against whatever concrete
> server you have that'll use SCRAM-SHA-1, I think. I believe it'll do
> at least some forms of channel binding, too.
I have a public IMAP test server up and running with SCRAM-SHA-1
support. No channel binding support yet. Host 'nubb.josefsson.org',
username 'user' and password 'pencil'. See:
Let me know if it does/doesn't work.
More information about the JDev