[standards-jig] Small Footprint Clients and Authentication

Tijl Houtbeckers thoutbeckers at splendo.com
Thu May 29 23:29:47 UTC 2003

Robert Norris <rob at cataclysm.cx> wrote on 30-5-2003 1:13:33:
>> but, even though I work with (very) small footprint devices I can't 
>> really give an answer here (yet) because of the limited resources of 
>> my devices I use plaintext authentication when space is really 
>> restricted. That already means I can't do SASL and won't be able to 
>> do so for years to come in many devices. However, I don't use digest 
>> or edigest in this case either, so it's less relevant for the 
>> edigest discussion. 
>SASL does have a PLAIN mechanism, which is dead simpler. True, XMPP 
>does not require it, but I fully expect most servers to implement it.
>Whether deployed servers make it available or not is another story, but
>then again, there's nothing requiring a server administrator to make
>DIGEST-MD5 available either, so that argument is fairly pointless.

XMPP Core:

"11.5 Mandatory to Implement Technologies

At a minimum, all implementations MUST support the following

for authentication:
the SASL DIGEST-MD5 mechanism

for confidentiality:
TLS (using the TLS_RSA_WITH_3DES_EDE_CBC_SHA cipher)

for both:
TLS (using the TLS_RSA_WITH_3DES_EDE_CBC_SHA cipher supporting
client-side certificates)"

It would at least have to be changed to a "SHOULD".

Tijl Houtbeckers
Software Engineer @ Splendo
The Netherlands
