[standards-jig] Re: [Foundation] Last Minute JEP 78 Concerns

Richard Dobson richard at dobson-i.net
Tue May 27 20:54:40 UTC 2003


> I'd recommend that we go ahead and use <edigest> and deprecate usage of
> <digest>. This path ensures backwards compatibility.

What if for some reason someone wants to store a plain text password in
their backend systems because it is being used by other systems too? As long
as a person's backend is secure you should be OK, and as has already been
said, what is the point if it does not give any real benefit?

If you really want to have edigest as an option then fine, but I certainly
don't think normal digest should be deprecated, as I think a lot of people
have better things to do than implement a pretty pointless (in terms of
actual benefit to Jabber users) cosmetic fix.

Also, since to maintain backwards compatibility with clients that don't
implement this the standard digest will still have to be used on servers, so
the primary benefit (not storing a plain text password on the back end) is
eliminated.

I vote to just go along and use and implement SASL instead of wasting time
and energy on this.

Richard



