[standards-jig] Re: [Foundation] Last Minute JEP 78 Concerns
matt at jivesoftware.com
Wed May 28 18:24:42 UTC 2003
>> +1. Let's make sure the current auth protocol is clearly documented
>> (get rid of zeroK?) and move onto SASL, which is what we really want
>> people to implement. I agree that this could be a good SASL mode though.
> You may want people to implement SASL, but I _know_ that they will
> continue to use iq:auth. So what's the harm in having the choice?
My understanding was that we were trying to push everyone towards SASL
as soon as possible. If that's not the case, then my mistake. If it is
the case, why change auth now when we can just make edigest a SASL mode?
If we do SASL and a new auth protocol at the same time, this seems like
a confusing message to client and server developers. After all, we could
add 50 new auth protocols to give people "better choice", but that
wouldn't really be the best idea. Anytime we revise an existing
protocol, it just seems like we need to weigh it against the other
things we have on the table (in this case SASL). My +1 on Evan's
comments is not a vote against edigest, just that it seems better to add
it to SASL rather than going through the pain of modifying auth. Is
there some reason that we don't think people will use SASL? Is it
acceptable to us if they don't?
More information about the Standards