[standards-jig] UPDATED: JEPs 77 and 78 (reg and auth)

Matt Tucker matt at jivesoftware.com
Thu May 29 03:26:57 UTC 2003


Peter,

I wonder if updating the JEP's is premature? I think there are still 
some serious questions about whether it's worthwile to modify the auth 
protocol and make edigest required when we're trying to push SASL 
support at the same time (especially when edigest provides only modest 
security gains). The alternate suggestion on the table was to make 
edigest a SASL mode if the other SASL modes don't offer resonable 
alternatives already.

Regards,
Matt

Peter Saint-Andre wrote:
> After a discussion with Dizzy, I've updated JEPs 77 and 78 to reflect
> list discussion regarding storage of encrypted secrets rather than 
> plaintext passwords. Let me know if I've missed anything.
> 
> http://www.jabber.org/jeps/jep-0077.html
> http://www.jabber.org/jeps/jep-0078.html
> 
> Peter
> 




More information about the Standards mailing list