[standards-jig] Refreshing the Thread: EDigest
dizzyd at jabber.org
Wed May 28 12:39:09 UTC 2003
On Wednesday, May 28, 2003, at 04:30 America/Denver, Tijl Houtbeckers
> As I noted, you could still have plaintext available, if someone were
> to rewrite the servermodule for it. (For Digest, this is of course
> impossible). The password would still not be stored in plaintext on the
> server, but you will be vulnerable to sniffing (if you don't use SSL)
> and it's possible for an admin to intercept your password during login,
> so I can't recommend that. Still, maybe it would help some people if
> they're gonna switch over to edigest. Once the switch is completed they
> could disable plaintext and make everyone choose a new password.
Yup, you could continue to have plaintext/digest enabled.
> I think it's now a useful alternative. I don't think you intend to
> deprecate "old" digest anymore either?
> I assume this will end up in a JEP eventually, do you intend to just
> cover :auth, or :register too? I assume it'd be desirable in some cases
> not to expose the password during registration either.
Yes, I'm hoping to get stpeter to include this in the standards-track
JEP. I'm not sure what you mean by "just cover :auth or :register"....