[standards-jig] UPDATED: JEPs 77 and 78 (reg and auth)

Peter Saint-Andre stpeter at jabber.org
Thu May 29 03:43:59 UTC 2003


My apologies -- I've been too busy to read all 100 messages in the
thread on this, will attempt to catch up tomorrow.

Peter

On Wed, May 28, 2003 at 11:26:57PM -0400, Matt Tucker wrote:
> Peter,
> 
> I wonder if updating the JEP's is premature? I think there are still 
> some serious questions about whether it's worthwile to modify the auth 
> protocol and make edigest required when we're trying to push SASL 
> support at the same time (especially when edigest provides only modest 
> security gains). The alternate suggestion on the table was to make 
> edigest a SASL mode if the other SASL modes don't offer resonable 
> alternatives already.
> 
> Regards,
> Matt
> 
> Peter Saint-Andre wrote:
> >After a discussion with Dizzy, I've updated JEPs 77 and 78 to reflect
> >list discussion regarding storage of encrypted secrets rather than 
> >plaintext passwords. Let me know if I've missed anything.
> >
> >http://www.jabber.org/jeps/jep-0077.html
> >http://www.jabber.org/jeps/jep-0078.html
> >
> >Peter



More information about the Standards mailing list