[Standards-JIG] SASL initial response

Peter Saint-Andre stpeter at jabber.org
Thu Sep 28 21:14:35 UTC 2006

Section 4, point 3 of RFC 4422 says the following about the message used
to initiate a SASL exchange:

   This message SHOULD contain an optional field for carrying an
   initial response.  If the message is defined with this field,
   the specification MUST describe how messages with an empty
   initial response are distinguished from messages with no
   initial response.  This field MUST be capable of carrying
   arbitrary sequences of octets (including zero-length sequences
   and sequences containing zero-valued octets).

In fact we discussed this back in January 2004, the thread starts here:


As far as I can see, currently we have no way of differentiating between
a message that has no initial response (e.g., <auth/> or <auth></auth>,
which are equivalent in XML) and a message that contains an empty
initial response (which seemingly would be <auth></auth>). IMAP signals
inclusion of an empty initial response with "=":


JD Conley suggested including a <response/> child:


So if there is no initial response, you would send:

<auth mechanism="..." xmlns="..."/>

or (equivalently in XML):

<auth mechanism="..." xmlns="..."></auth>

If there is a non-empty initial response, you would send:

<auth mechanism="..." xmlns="...">

If there is an empty initial response, you would send:

<auth mechanism="..." xmlns="...">

The same thing goes for "additional data with success", we'd need
something like this:

<success xmlns="...">

As far as I can see, we need this in order to comply with RFC 4422.


Peter Saint-Andre
Jabber Software Foundation
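
Added example, not part of the original message: a Python sketch of why carrying the initial response as character data of <auth/> cannot separate "absent" from "empty", and how a <response/> child would. The exact child encoding, the function names and the sample stanzas are assumptions made for illustration; the namespace is the XMPP SASL namespace that the post writes as "...".

```python
import base64
import xml.etree.ElementTree as ET

NS = "urn:ietf:params:xml:ns:xmpp-sasl"  # written as "..." in the post

def text_only(stanza):
    """Response carried as character data of <auth/> (the scheme the post questions)."""
    elem = ET.fromstring(stanza)
    # <auth/> and <auth></auth> are the same XML, so both yield b"" here:
    # the receiver cannot tell "no response" from "zero-length response".
    return base64.b64decode((elem.text or "").strip(), validate=True)

def with_child(stanza):
    """Assumed encoding of the <response/> suggestion: the child's presence
    signals a response. Returns None if absent, else the decoded octets."""
    elem = ET.fromstring(stanza)
    child = elem.find(f"{{{NS}}}response")
    if child is None:
        return None                      # no initial response at all
    # A present but empty child decodes to b"", a zero-length response.
    return base64.b64decode((child.text or "").strip(), validate=True)

# Constructed sample stanzas (not taken from the post).
OPEN = f'<auth xmlns="{NS}" mechanism="EXTERNAL"'
AUTH_ABSENT = OPEN + "/>"
AUTH_ABSENT_LONG = OPEN + "></auth>"
AUTH_EMPTY = OPEN + "><response/></auth>"
# Octets containing zero-valued bytes, which RFC 4422 requires the field to carry.
PAYLOAD = b"\x00juliet\x00pass"
AUTH_DATA = OPEN + "><response>" + base64.b64encode(PAYLOAD).decode() + "</response></auth>"

if __name__ == "__main__":
    for name in ("AUTH_ABSENT", "AUTH_ABSENT_LONG", "AUTH_EMPTY", "AUTH_DATA"):
        print(name, "->", repr(with_child(globals()[name])))
```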
