[standards-jig] Re: [Foundation] Last Minute JEP 78 Concerns

Iain Shigeoka iain at jivesoftware.com
Tue May 27 18:47:36 UTC 2003


On Tuesday, May 27, 2003, at 10:38 US/Pacific, Tijl Houtbeckers wrote:

> Dave Smith <dizzyd at jabber.org> wrote on 27-5-2003 19:33:38:
>>
>> This technique doesn't solve a replay problem -- it's not intended to.
>
> Even you yourself seem to agree this is mostly security through
> obscurity. Let's for a minute assume people will think this is a good

My understanding is that the enhancement is a slight tweak on the 
existing digest algorithm to protect the user's password _outside_ the 
context of jabber. However, the arguments for SASL digest seem pretty 
sound. I haven't really looked at it yet but if it is implementable 
within restricted environments (e.g. J2ME) it probably would be wisest 
to just push everyone in that direction rather than tweak something we 
really should be deprecating. Has anyone implemented SASL digest on 
J2ME?

-iain



