[Standards] Fwd: SCRAM-*-PLUS examples and running servers?

Jehan Pagès jehan.marmottard at gmail.com
Wed Sep 7 14:05:37 UTC 2011


I forward this email on standards@, as I was adviced so that maybe
someone could help me.


---------- Forwarded message ----------
From: Jehan Pagès <jehan.marmottard at gmail.com>
Date: 2011/9/7
Subject: SCRAM-*-PLUS examples and running servers?
To: "kitten at ietf.org" <kitten at ietf.org>


I have 2 clients SASL SCRAM implementations (in Objective Caml, and
recently I added the support to the PHP Pear Auth_SASL package). I'd
like to add the channel binding support. I think that should be more
or less straightforward from reading the RFCs but what I miss are
specific examples to compare with and/or a server to test with
(ideally both!).

The example in section 5 of RFC5802 has no channel binding, nor has
the one in section 9.1.2 of RFC6120. Is there any other place with a
detailed example (whatever, a RFC, a blog post, or simply an answer to
this email! :-)?

And would you know any Free software server implementation (preferably
XMPP because I already have code to test with this, but some other
protocols may do the part) which supports channel binding on SCRAM?
The only I seem to find is M-Link from Isode, but it is not Free
Software so I cannot install it.
Alternatively if you have an already installed server with channel
binding and you would be willing to provide me a test account (hence
letting me do authentication tests on it), that would do it as well,
of course! (that's for a good cause, 2 Free Software implementations!)

Sorry for asking this on this standards list, but I did not know where
I could get these information otherwise, after searching quite a bit.


More information about the Standards mailing list