[standards-jig] auth & reg redux

Tijl Houtbeckers thoutbeckers at splendo.com
Mon Jun 2 00:11:58 UTC 2003


Robert Norris <rob at cataclysm.cx> wrote on 2-6-2003 1:56:59:
>
>> I know that we have SASL to replace auth, but is there something in 
>> the pipeline to replace register? Also, register is probably secure 
>> enough *if* you're using TLS. :)
>
>I've seen the SASL PLAIN mechanism used for in-band registration before
>(and Cyrus SASL even has an option to enable this). The server offers
>PLAIN over a protected (TLS) channel, and then stores the credentials
>presented by the client. Next time, the client takes DIGEST-MD5 or some
>such.

That doesn't, however, accomplish what iq:register for edigest (as 
proposed in stpeter's JEP) does. It still exposes your password to the 
server. 


-- 
Tijl Houtbeckers
Software Engineer @ Splendo
The Netherlands
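
The point made in the reply above, as an added example that is not part of the original message: when SASL PLAIN doubles as in-band registration, the server decodes the cleartext password even if it keeps only a derived DIGEST-MD5 secret for later logins. The function names, realm and credentials are constructed for illustration; the message layouts follow RFC 4616 (PLAIN) and RFC 2831 (DIGEST-MD5).

```python
import base64
import hashlib


def client_plain(user: str, passwd: str) -> str:
    """Client side: build the PLAIN message with an empty authzid."""
    msg = b"\x00" + user.encode("utf-8") + b"\x00" + passwd.encode("utf-8")
    return base64.b64encode(msg).decode("ascii")


def parse_plain(response_b64: str):
    """Server side: decode [authzid] NUL authcid NUL passwd (RFC 4616)."""
    raw = base64.b64decode(response_b64, validate=True)
    parts = raw.split(b"\x00")
    if len(parts) != 3 or not parts[1] or not parts[2]:
        raise ValueError("malformed PLAIN message")
    authzid, authcid, passwd = (p.decode("utf-8") for p in parts)
    return authzid, authcid, passwd


def digest_md5_secret(user: str, realm: str, passwd: str) -> bytes:
    """H(username:realm:passwd) from RFC 2831: enough to verify later
    DIGEST-MD5 logins without keeping the password itself."""
    return hashlib.md5(f"{user}:{realm}:{passwd}".encode("utf-8")).digest()


def register_via_plain(response_b64: str, realm: str, store: dict) -> str:
    """Hypothetical handler for PLAIN-as-registration over TLS."""
    _, user, passwd = parse_plain(response_b64)
    if user in store:
        raise ValueError("account already exists")
    # Only the derived secret is persisted, but the server had to hold
    # `passwd` in the clear to compute it. TLS protects the wire only.
    store[user] = digest_md5_secret(user, realm, passwd)
    return passwd  # returned solely to show what the server observed


if __name__ == "__main__":
    accounts = {}  # constructed in-memory credential store
    seen = register_via_plain(client_plain("juliet", "r0m30"), "example.org", accounts)
    print("server observed cleartext password:", seen)
    print("stored DIGEST-MD5 secret:", accounts["juliet"].hex())
```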



