[Standards] JID Escaping

Mridul Muralidharan mridul at sun.com
Thu Aug 2 15:51:49 UTC 2007


Ralph Meijer wrote:
> On Thu, 2007-08-02 at 17:21 +0200, Robin Redeker wrote:
>> It seems that at least the majority of the whidely deployed servers
>> support \ in JIDs in DIGEST-MD5 SASL authentication due to faulty SASL
>> DIGEST-MD5 implementations.
>>
>> However, using the PLAIN authentication method seems to work!
> 
> Well yeah. As we discussed in the jdev room, the DIGEST-MD5 mechanism
> keeps on piling up new issues. SASL lib devs are tired of its complexity
> and incompatible implementations.
> 
> As was suggested in March in response to the unwillingness to go further
> with the DIGEST-MD5 bis RFC (following RFC 4422), we should think about
> dropping DIGEST-MD5 altogether in favour of something based around
> SHA256, for example.
> 
> That said, I'm wondering if we should really try to go further with
> general JID escaping. I'm sure in some edge cases, you would want to be
> able to use apostrophes in user ids. But I think that that is rare. I've
> never seen an e-mail address with an apostrophe.
> 
> Also, why go through all the effort to sync with e-mail addresses when
> we have a far richer character repertoire in terms of non-latin
> characters? Note that RFC2822 doesn't even allow umlauts, for example,
> so you can never translate full names to usernames in either addressing
> scheme.
> 
> Do we really need to have these extra characters?
> 

Yes, we do.
I have mentioned quite a lot of instances where this is required.

- Mridul



More information about the Standards mailing list