[standards-jig] Re: [Foundation] Last Minute JEP 78 Concerns

Tijl Houtbeckers thoutbeckers at splendo.com
Tue May 27 17:16:13 UTC 2003

Peter Saint-Andre <stpeter at jabber.org> wrote on 27-5-2003 17:45:00:
>OK. I guess I have two questions:
>1. Is it realistic to expect clients on all platforms to support SASL?
>Remember that I'm not a coder. :-) However, I've been told that it is
>unreasonable to expect some platforms (J2ME is the main one I've heard
>mentioned) to support SASL authentication anytime soon.

It's not that it can't be implemented in J2ME. It's more that it takes 
more code to do so. Currently many popular J2ME target devices that 
will be here for the next few years have a 64KB or even 50KB limit on 
program size. But even SHA1 is often too big then, wich I believe is 
required by SASL! 

That currently leaves only plaintekst. You can do better (for mobile 
phones) if you work together with the operators but that's a painfull 
and slow process, and ofcourse not available to everyone. Another 
alternative is that some devices support making an HTTP request over 
SSL, wich could be used for external authentication. Some newer devices 
will support SSL sockets as well. 

Tijl Houtbeckers
Software Engineer @ Splendo
The Netherlands

More information about the Standards mailing list