[standards-jig] Small Footprint Clients and Authentication

Tijl Houtbeckers thoutbeckers at splendo.com
Fri May 30 00:45:16 UTC 2003


Robert Norris <rob at cataclysm.cx> wrote on 30-5-2003 2:34:16:
>
>> >> 11.5 Mandatory to Implement Technologies
>> >
>> >Key word is "implement". In order to be considered compliant, a 
>> >server myst implement DIGEST-MD5. If I'm an administrator, I don't 
>> >have to make it available to clients.
>> 
>> OK, maybe I missed something. This part of the spec is only for 
>> servers? (still, to be required to implement something you'll never 
>> use?) 
>
>You make a good point - didn't think of clients when reading this.
>
>Perhaps implementing DIGEST-MD5 should be a MUST requirement for
>servers, and a SHOULD requirement for clients? Same for the TLS stuff.
>That way, a client can not implement something if it doesn't work for
>its particular circumstances?
>
>I'll raise this on the XMPP working group list.

That was my suggestion, that is.. I didn't really think of servers when 
reading this. *cough* I wonder why we look at those docs so differently.
 

SASL will be a lot easyer to do if I'm no longer forced to implement 
DIGEST-MD5. Not that I would when anyway I have better alternatives, 
but I'd still be nice to call my client XMPP compatible. I suppose, for 
servers codesize is not so much an issue anymore, not for relativly 
"small" things like MD5 anyway. That could stay a MUST for all I care. 

-- 
Tijl Houtbeckers
Software Engineer @ Splendo
The Netherlands




More information about the Standards mailing list