[standards-jig] UPDATED: JEPs 77 and 78 (reg and auth)
stpeter at jabber.org
Thu May 29 03:43:59 UTC 2003
My apologies -- I've been too busy to read all 100 messages in the
thread on this, will attempt to catch up tomorrow.
On Wed, May 28, 2003 at 11:26:57PM -0400, Matt Tucker wrote:
> I wonder if updating the JEP's is premature? I think there are still
> some serious questions about whether it's worthwile to modify the auth
> protocol and make edigest required when we're trying to push SASL
> support at the same time (especially when edigest provides only modest
> security gains). The alternate suggestion on the table was to make
> edigest a SASL mode if the other SASL modes don't offer resonable
> alternatives already.
> Peter Saint-Andre wrote:
> >After a discussion with Dizzy, I've updated JEPs 77 and 78 to reflect
> >list discussion regarding storage of encrypted secrets rather than
> >plaintext passwords. Let me know if I've missed anything.
More information about the Standards