[standards-jig] SSL/TLS mandatory

Justin Karneges justin-keyword-jabber.093179 at affinix.com
Mon Jan 26 00:08:05 UTC 2004


On Sunday 25 January 2004 03:28 pm, Matthias Wimmer wrote:
> Hi Justin!
>
> Justin Karneges wrote on 2004-01-25 14:07:59:
> > However, it's worth noting that XMPP also supports SASL encryption.  This
> > is optimal for login-based protocols (such as Jabber), because the
> > password is used as a shared secret instead of a certificate.  Many of
> > the free public servers will love this.
>
> Are there any authentication mechanisms defined for SASL that provide
> encryption? I know that SASL can handle this, but I don't know a SASL
> mechanism that actually provides encryption.

DIGEST-MD5 does.  The problem is that jabberd2 and ejabberd only support the 
'SA' part, and not the 'SL', of this mechanism.  This is mainly because they 
roll their own algorithm instead of using a library.

The Cyrus SASL library supports the full DIGEST-MD5 spec, and seems to work 
great (I've created both client and server XMPP code that uses it).

-Justin
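
Whether a server offers the DIGEST-MD5 security layer or authentication only can be read from the `qop` and `cipher` directives of its challenge (RFC 2831). The sketch below is an added example, not part of the original message and not code from any server or library named in it; the function names and both sample challenges are constructed for illustration.

```python
import base64
import re

# One digest-challenge directive: key=token or key="quoted string" (RFC 2831, 2.1.1)
_DIRECTIVE = re.compile(
    r'\s*([A-Za-z0-9-]+)\s*=\s*(?:"((?:[^"\\]|\\.)*)"|([^,"\s]+))\s*(?:,|$)'
)

def decode_xmpp_challenge(b64_payload: str) -> str:
    """XMPP carries the challenge base64-encoded inside <challenge/>."""
    return base64.b64decode(b64_payload).decode("utf-8")

def parse_challenge(challenge: str) -> dict:
    """Split a decoded digest-challenge into {directive: [values]}."""
    challenge = challenge.strip()
    directives, pos = {}, 0
    while pos < len(challenge):
        m = _DIRECTIVE.match(challenge, pos)
        if not m:
            raise ValueError(f"malformed challenge at offset {pos}")
        quoted = m.group(2)
        # Quoted values may contain commas and backslash escapes.
        value = re.sub(r"\\(.)", r"\1", quoted) if quoted is not None else m.group(3)
        directives.setdefault(m.group(1).lower(), []).append(value)
        pos = m.end()
    return directives

def security_layer(challenge: str) -> dict:
    """Report which protection levels the server is offering."""
    d = parse_challenge(challenge)
    # qop defaults to "auth" (authentication only) when the directive is absent.
    qop = {q.strip() for v in d.get("qop", ["auth"]) for q in v.split(",") if q.strip()}
    ciphers = [c.strip() for v in d.get("cipher", []) for c in v.split(",") if c.strip()]
    return {
        "qop": sorted(qop),
        "integrity": "auth-int" in qop,
        # auth-conf is only usable if the server also lists at least one cipher.
        "confidentiality": "auth-conf" in qop and bool(ciphers),
        "ciphers": ciphers,
    }

# Constructed sample challenges (not captured from any real server).
FULL_CHALLENGE = ('realm="example.org",nonce="OA6MG9tEQGm2hh",qop="auth,auth-conf",'
                  'cipher="rc4,3des",charset=utf-8,algorithm=md5-sess')
AUTH_ONLY_CHALLENGE = ('realm="example.org",nonce="kG4xY2pQ",qop="auth",'
                       'charset=utf-8,algorithm=md5-sess')

if __name__ == "__main__":
    wire = base64.b64encode(FULL_CHALLENGE.encode()).decode()
    print(security_layer(decode_xmpp_challenge(wire)))
    print(security_layer(AUTH_ONLY_CHALLENGE))
```

DIGEST-MD5 was later moved to Historic status by RFC 6331, so this is a reading aid for legacy deployments rather than a recommendation of the mechanism.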


