[standards-jig] Small Footprint Clients and Authentication

Evan Prodromou evan at prodromou.san-francisco.ca.us
Thu May 29 03:59:28 UTC 2003


So, I'm still trying to wrap my head around the small-footprint
argument for using jabber:iq:auth as a non-deprecated parallel
authentication algorithm.

I'm just having a hard time believing that there are clients that can
afford the codespace for creating SHA1 digests that can't afford the
codespace for creating MD5 digests. AFAIK, the difference in
complexity between the two is negligible, and if anything MD5 is
easier (and faster).

Or maybe it's the combination of MD5 + base-64 encoding? I dunno. Or
that you can do a barebones plaintext jabber:iq:auth session without
any transformation, but you need base-64 just to do plaintext
authentication in the SASL framework?

Could someone straighten me out on the advantage of jabber:iq:auth
over XMPP SASL for small footprint clients?

~ESP

-- 
Evan Prodromou
evan at prodromou.san-francisco.ca.us






More information about the Standards mailing list