[standards-jig] Small Footprint Clients and Authentication

Matt Tucker matt at jivesoftware.com
Fri May 30 06:17:27 UTC 2003

Evan and all,

Is it a bit overkill to argue that all of our standards efforts should 
be based on the capabilities of small device clients? They are certainly 
important, but my bet is that they will make up a very small percentage 
of overall XMPP usage. If we change all wording to SHOULD in the spec, 
then we don't have much of a spec and nobody can depend on anything. As 
an alternative to eroding the SASL requirements -- what if we were to 
create a special mobile device spec that relaxed some of the 
requirements in the standard protocol? Mobile devices could then conform 
to this spec and still be labeled as "compliant".


>I think the root of the problem here is that the XMPP's requirement
>that DIGEST-MD5 authentication MUST be supported should be downgraded
>to a SHOULD. This would allow small-footprint clients to use plaintext
>passwords within the framework of XMPP.

More information about the Standards mailing list