[standards-jig] Re: [Foundation] Last Minute JEP 78 Concerns

Dave Smith dizzyd at jabber.org
Wed May 28 19:01:32 UTC 2003

Hash: SHA1


On Wednesday, May 28, 2003, at 12:24 America/Denver, Matt Tucker wrote:

> My understanding was that we were trying to push everyone towards SASL 
> as soon as possible. If that's not the case, then my mistake. If it is 
> the case, why change auth now when we can just make edigest a SASL 
> mode? If we do SASL and a new auth protocol at the same time, this 
> seems like a confusing message to client and server developers. After 
> all, we could add 50 new auth protocols to give people "better 
> choice", but that wouldn't really be the best idea. Anytime we revise 
> an existing protocol, it just seems like we need to weigh it against 
> the other things we have on the table (in this case SASL). My +1 on 
> Evan's comments is not a vote against edigest, just that it seems 
> better to add it to SASL rather than going through the pain of 
> modifying auth. Is there some reason that we don't think people will 
> use SASL? Is it acceptable to us if they don't?

I mentioned this before, but maybe I wasn't clear....

 From the top of this thread:

"SASL, while useful in this regard, may take a while to adopt and get 
deployed. As such, perhaps we should consider a Jabber "native" 
alternative that will solve this problem and provide a reasonable 
alternative to parties who are not interested in implementing SASL."

If you want to make it a SASL mode too, then write up the JEP and do 
the homework, build consensus and take it to the Council. We have a 
process for these sorts of things. :)

Otherwise, I haven't heard any complaints about edigest as it's been 
put forth last night. We've got client and server authors onboard who 
think it's a reasonably good, incremental fix for the protocol before 
it is set in (documented) stone.

Version: GnuPG v1.2.1 (Darwin)


More information about the Standards mailing list