[jdev] Sasl Md5 Digest Authentication Problem

Peter Saint-Andre stpeter at stpeter.im
Thu Mar 17 17:31:21 CST 2011


And, to amplify, ...

On 3/17/11 5:24 PM, Dave Cridland wrote:
> On Thu Mar 17 23:12:50 2011, A.Wagner wrote:
>> i am getting the challenge and build the response:
>> <response 
>> xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>longbase64encodedstring</response>
>>
>>
>>
> You almost never want to write your own DIGEST-MD5 code. (Aside from the
> fact that SCRAM is easier and better, lots of people have written
> DIGEST-MD5 code, and it'll probably "just work").

There's a reason why the IETF is deprecating DIGEST-MD5 in favor of
SCRAM, and why SCRAM will be the mandatory-to-implement in the new XMPP
specs.

http://tools.ietf.org/html/draft-ietf-kitten-digest-to-historic-02

http://tools.ietf.org/html/rfc5802

http://tools.ietf.org/html/draft-ietf-xmpp-3920bis-22#section-13.8

>> but then the server always responds with (even when response stanza is
>> empty):
>> <failure 
>> xmlns='urn:ietf:params:xml:ns:xmpp-sasl'><invalid-authzid/></failure>
>>
>>
> I'm guessing this is jabber.org you're testing against. I'm not sure
> that's a great idea, but in any case that's a generic error with that
> implementation, so it could very easily be almost any error, in fact.

Please do test against multiple implementations -- *especially* when
testing DIGEST-MD5.

Peter

-- 
Peter Saint-Andre
https://stpeter.im/



-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 6105 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://mail.jabber.org/pipermail/jdev/attachments/20110317/eea47842/attachment.bin>


More information about the JDev mailing list