[Standards-JIG] SASL initial response

JD Conley jd.conley at coversant.net
Thu Sep 28 21:29:14 UTC 2006


There are so many implementations out there now that we'd break a lot by
including a response element. In January 2004 that wasn't as big of an
issue. :)

-JD

-----Original Message-----
From: standards-jig-bounces at jabber.org
[mailto:standards-jig-bounces at jabber.org] On Behalf Of Peter Saint-Andre
Sent: Thursday, September 28, 2006 2:15 PM
To: standards-jig at jabber.org
Subject: [Standards-JIG] SASL initial response

Section 4, point 3 of RFC 4422 says the following about the message used
to initiate a SASL exchange:

   This message SHOULD contain an optional field for carrying an
   initial response.  If the message is defined with this field,
   the specification MUST describe how messages with an empty
   initial response are distinguished from messages with no
   initial response.  This field MUST be capable of carrying
   arbitrary sequences of octets (including zero-length sequences
   and sequences containing zero-valued octets).

In fact we discussed this back in January 2004, the thread starts here:

http://mail.jabber.org/pipermail/xmppwg/2004-January/001961.html

As far as I can see, currently we have no way of differentiating between
a message that has no initial response (e.g., <auth/> or <auth></auth>,
which are equivalent in XML) and a message that contains an empty
initial response (which seemingly would be <auth></auth>). IMAP signals
inclusion of an empty initial response with "=":

http://mail.jabber.org/pipermail/xmppwg/2004-January/001975.html
http://ietfreport.isoc.org/idref/draft-siemborski-imap-sasl-initial-response/

JD Conley suggested including a <response/> child:

http://mail.jabber.org/pipermail/xmppwg/2004-January/001966.html

So if there is no initial response, you would send:

<auth mechanism="..." xmlns="..."/>

or (equivalently in XML):

<auth mechanism="..." xmlns="..."></auth>

If there is a non-empty initial response, you would send:

<auth mechanism="..." xmlns="...">
  <response>...</response>
</auth>

If there is an empty initial response, you would send:

<auth mechanism="..." xmlns="...">
  <response></response>
</auth>

The same thing goes for "additional data with success", we'd need
something like this:

<success xmlns="...">
  <data></data>
</success>

As far as I can see, we need this in order to comply with RFC 4422.

Peter

-- 
Peter Saint-Andre
Jabber Software Foundation
http://www.jabber.org/people/stpeter.shtml
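A sketch of the tri-state encoding JD Conley proposed, as an added example that is not code from either message in the thread. It assumes the XMPP SASL namespace urn:ietf:params:xml:ns:xmpp-sasl (which the messages elide as "...") and base64 encoding of the response octets, as XMPP SASL does; `parse_auth_legacy` shows why the current form cannot tell "no initial response" from "empty initial response".

```python
import base64
import xml.etree.ElementTree as ET
from typing import Optional, Tuple

# XMPP SASL namespace (assumed here; the thread writes it as "...").
NS = "urn:ietf:params:xml:ns:xmpp-sasl"
AUTH = f"{{{NS}}}auth"
RESP = f"{{{NS}}}response"


def build_auth(mechanism: str, initial: Optional[bytes]) -> str:
    """Encode <auth/> using the proposed <response/> child.

    None   -> no <response/> child           (no initial response)
    b""    -> <response></response>          (empty initial response)
    b"..." -> <response>base64</response>    (non-empty initial response)
    base64 keeps arbitrary octets, zero-valued ones included, XML-safe."""
    auth = ET.Element(AUTH, mechanism=mechanism)
    if initial is not None:
        resp = ET.SubElement(auth, RESP)
        resp.text = base64.b64encode(initial).decode("ascii")
    return ET.tostring(auth, encoding="unicode")


def parse_auth(xml_text: str) -> Tuple[str, Optional[bytes]]:
    """Decode <auth/>: presence of <response/> carries the third state.
    <response/> and <response></response> are the same infoset, so
    both mean 'present but empty', exactly as the proposal intends."""
    auth = ET.fromstring(xml_text)
    resp = auth.find(RESP)
    if resp is None:
        return auth.get("mechanism"), None
    return auth.get("mechanism"), base64.b64decode(resp.text or "")


def parse_auth_legacy(xml_text: str) -> bytes:
    """Current form: the initial response is the text of <auth/> itself.
    <auth/> and <auth></auth> are equivalent XML, so 'absent' and 'empty'
    both decode to b"" and the receiver cannot distinguish them."""
    auth = ET.fromstring(xml_text)
    return base64.b64decode(auth.text or "")
```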
