[standards-jig] Re: [Foundation] Last Minute JEP 78 Concerns

Matt Tucker matt at jivesoftware.com
Wed May 28 18:24:42 UTC 2003


> Goteki,


>> +1. Let's make sure the current auth protocol is clearly documented 
>> (get rid of zeroK?) and move onto SASL, which is what we really want 
>> people to implement. I agree that this could be a good SASL mode though.
> You may want people to implement SASL, but I _know_ that they will 
> continue to use iq:auth. So what's the harm in having the choice?

My understanding was that we were trying to push everyone towards SASL 
as soon as possible. If that's not the case, then my mistake. If it is 
the case, why change auth now when we can just make edigest a SASL mode? 
If we do SASL and a new auth protocol at the same time, this seems like 
a confusing message to client and server developers. After all, we could 
add 50 new auth protocols to give people "better choice", but that 
wouldn't really be the best idea. Anytime we revise an existing 
protocol, it just seems like we need to weigh it against the other 
things we have on the table (in this case SASL). My +1 on Evan's 
comments is not a vote against edigest, just that it seems better to add 
it to SASL rather than going through the pain of modifying auth. Is 
there some reason that we don't think people will use SASL? Is it 
acceptable to us if they don't?


More information about the Standards mailing list