[standards-jig] auth & reg redux

Matt Tucker matt at jivesoftware.com
Fri May 30 16:54:49 UTC 2003


I know that we have SASL to replace auth, but is there something in the 
pipeline to replace register? Also, register is probably secure enough 
*if* you're using TLS. :)


Peter Saint-Andre wrote:
> So it seems like this "esecret" and "edigest" stuff was premature. I'm
> going to remove that content from JEPs 77 and 78 respectively. I'm also
> going to add information about deprecating these protocols. Well, at
> least for jabber:iq:auth. Any thoughts on deprecating jabber:iq:register
> as well? It does seem woefully insecure, so my feeling is that we would
> do best to put both of these protocols on a schedule for review and 
> potential deprecation by the Council -- every six months seems to be 
> about right.

More information about the Standards mailing list