[standards-jig] Re: [Foundation] Last Minute JEP 78 Concerns
dizzyd at jabber.org
Wed May 28 19:01:32 UTC 2003
-----BEGIN PGP SIGNED MESSAGE-----
On Wednesday, May 28, 2003, at 12:24 America/Denver, Matt Tucker wrote:
> My understanding was that we were trying to push everyone towards SASL
> as soon as possible. If that's not the case, then my mistake. If it is
> the case, why change auth now when we can just make edigest a SASL
> mode? If we do SASL and a new auth protocol at the same time, this
> seems like a confusing message to client and server developers. After
> all, we could add 50 new auth protocols to give people "better
> choice", but that wouldn't really be the best idea. Anytime we revise
> an existing protocol, it just seems like we need to weigh it against
> the other things we have on the table (in this case SASL). My +1 on
> Evan's comments is not a vote against edigest, just that it seems
> better to add it to SASL rather than going through the pain of
> modifying auth. Is there some reason that we don't think people will
> use SASL? Is it acceptable to us if they don't?
I mentioned this before, but maybe I wasn't clear....
From the top of this thread:
"SASL, while useful in this regard, may take a while to adopt and get
deployed. As such, perhaps we should consider a Jabber "native"
alternative that will solve this problem and provide a reasonable
alternative to parties who are not interested in implementing SASL."
If you want to make it a SASL mode too, then write up the JEP and do
the homework, build consensus and take it to the Council. We have a
process for these sorts of things. :)
Otherwise, I haven't heard any complaints about edigest as it's been
put forth last night. We've got client and server authors onboard who
think it's a reasonably good, incremental fix for the protocol before
it is set in (documented) stone.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (Darwin)
-----END PGP SIGNATURE-----
More information about the Standards