[Standards] SASL's DIGEST-MD5: host or domain?

Dave Cridland dave at cridland.net
Tue Aug 16 12:56:27 UTC 2016

On 16 August 2016 at 13:41, Guus der Kinderen
<guus.der.kinderen at gmail.com> wrote:
> We found that, when handling the server side of things, Openfire expects the
> "host" part of the digest-uri value to be an XMPP domain name. This
> conflicts with the specification in RFC2831, which defines the "host" part
> as follows:

As a bit more background:

* RFC 6331 doesn't mention the digest-uri, because "everyone" knows
it's broken and shouldn't be checked. Apart from Oracle, it seems,
which validates it against the form serv-type "/" host.
* RFC 2831 says it SHOULD [RFC 2119] be checked, because reasons.
* RFC 3920 includes a DIGEST-MD5 exchange as an example, which uses
xmpp/example.com as the digest-uri. It's not clear if this is the XMPP
service domain (i.e., serv-name) or the "host".
* I've found the "xmpp" serv-type definition thanks to Ralph, but the
digest-uri really ought to be "xmpp/xmpp.example.com/example.com"
anyway. But if you did this Openfire definitely won't work, since the
Java DIGEST-MD5 implementation can't support that.
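
Added example, not part of the original post and not Openfire's or Java's code: a server-side check that parses the RFC 2831 form serv-type "/" host [ "/" serv-name ] and reports which reading of "host" a client's digest-uri follows. The function names and the server_host/domain inputs are hypothetical; the sample names are constructed from the ones used in the post.

```python
from typing import NamedTuple, Optional


class DigestUri(NamedTuple):
    serv_type: str
    host: str
    serv_name: Optional[str]


def parse_digest_uri(value: str) -> DigestUri:
    """Split an RFC 2831 digest-uri-value: serv-type "/" host [ "/" serv-name ]."""
    parts = value.split("/")
    # Exactly two or three non-empty components are allowed by the grammar.
    if len(parts) not in (2, 3) or not all(parts):
        raise ValueError(f"malformed digest-uri: {value!r}")
    serv_name = parts[2].lower() if len(parts) == 3 else None
    # Lowercased for comparison (assumption: names are compared as DNS names).
    return DigestUri(parts[0].lower(), parts[1].lower(), serv_name)


def classify(value: str, serv_type: str, server_host: str, domain: str) -> str:
    """Say which reading of the "host" field a client's digest-uri follows.

    server_host is the name the client connected to; domain is the XMPP
    service domain. Both are supplied by the caller (assumed inputs).
    """
    uri = parse_digest_uri(value)
    if uri.serv_type != serv_type:
        return "reject: serv-type"
    if uri.host == server_host and uri.serv_name in (None, domain):
        return "host"            # RFC 2831 reading, serv-name optional
    if uri.host == domain and uri.serv_name is None:
        return "domain-as-host"  # the XMPP domain carried in the host field
    return "reject: name"


if __name__ == "__main__":
    # Constructed values, modelled on the names used in the post.
    for v in ("xmpp/example.com", "xmpp/xmpp.example.com",
              "xmpp/xmpp.example.com/example.com", "imap/example.com"):
        print(v, "->", classify(v, "xmpp", "xmpp.example.com", "example.com"))
```

A server that logs the "domain-as-host" case separately can see how many deployed clients send the service domain in the host position before deciding whether to tighten the check.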

