[standards-jig] Re: [Foundation] Last Minute JEP 78 Concerns

Nathan Walp faceprint at faceprint.com
Tue May 27 22:03:53 UTC 2003


On Tue, May 27, 2003 at 03:26:37PM -0600, Dave Smith wrote:
> To clarify, one more time, we're talking about sending a digest of the 
> digest and a one time session identifier over the wire.
> 
> i.e.
> 
> digest auth == SHA1(stream id + password-plaintext)
> 
> edigest auth == SHA1(stream id + SHA1(password-plaintext))
> 
> This would mean that one never sends the plaintext password over the 
> wire, even for registration.

Which BREAKS the ability to do plaintext or digest auth.  It's backwards
IN-compatible, making it not the right way to go about things.


Nathan

-- 
Nathan Walp             || faceprint at faceprint.com
GPG Fingerprint:        ||   http://faceprint.com/
5509 6EF3 928B 2363 9B2B  DA17 3E46 2CDC 492D DB7E
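
The two formulas quoted above, as an added example that is not part of the original message or of the JEP: it computes both responses and shows which ones a server can check depending on what it keeps on disk. The storage models, function names, sample credentials and the hex encoding of the inner SHA1 are assumptions.

```python
import hashlib
import hmac


def sha1_hex(text: str) -> str:
    return hashlib.sha1(text.encode("utf-8")).hexdigest()


def digest_auth(stream_id: str, password: str) -> str:
    # digest auth == SHA1(stream id + password-plaintext)
    return sha1_hex(stream_id + password)


def edigest_auth(stream_id: str, password: str) -> str:
    # edigest auth == SHA1(stream id + SHA1(password-plaintext))
    # Assumption: the inner SHA1 is hex-encoded before concatenation.
    return sha1_hex(stream_id + sha1_hex(password))


def verify(stored_kind, stored_value, mechanism, stream_id, response):
    """Return True/False, or None when the server cannot compute the
    expected value from what it stores (hypothetical server model)."""
    if mechanism == "edigest":
        inner = stored_value if stored_kind == "sha1" else sha1_hex(stored_value)
        expected = sha1_hex(stream_id + inner)
    elif mechanism == "digest":
        if stored_kind != "plaintext":
            # SHA1 is one-way: stream id + plaintext cannot be rebuilt.
            return None
        expected = sha1_hex(stream_id + stored_value)
    else:
        raise ValueError(mechanism)
    return hmac.compare_digest(expected, response)


def compat_matrix(stream_id="3F2A9C01", password="example-pw"):
    """Constructed sample values; returns {(storage, mechanism): result}."""
    responses = {"digest": digest_auth(stream_id, password),
                 "edigest": edigest_auth(stream_id, password)}
    stores = {"plaintext": password, "sha1": sha1_hex(password)}
    return {(kind, mech): verify(kind, value, mech, stream_id, resp)
            for kind, value in stores.items()
            for mech, resp in responses.items()}


if __name__ == "__main__":
    for key, result in compat_matrix().items():
        print(key, result)
```
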
