[Standards] SASL's DIGEST-MD5: host or domain?

Ralph Meijer ralphm at ik.nu
Tue Aug 16 13:32:35 UTC 2016


On August 16, 2016 3:09:31 PM GMT+02:00, Kurt Zeilenga <kurt.zeilenga at isode.com> wrote:
>
>> On Aug 16, 2016, at 5:41 AM, Guus der Kinderen
><guus.der.kinderen at gmail.com> wrote:
>> 
>> Interoperability problems galore!
>
>Welcome to DIGEST-MD5!
>
>I recommend avoiding this mechanism.  Use SCRAM instead (preferably
>PLUS channel bindings) instead.
>
>-- Kurt
>
>------------------------------------------------------------------------
>
>_______________________________________________
>Standards mailing list
>Info: http://mail.jabber.org/mailman/listinfo/standards
>Unsubscribe: Standards-unsubscribe at xmpp.org
>_______________________________________________

Well sure. It's been deprecated by the XMPP community, too. However it is still abundant in the wild.

It seems to me that we just have to live with the form xmpp/example.org, where the host part really is the domain instead of the hostname. Of course, accepting the more correct version of xmpp/foo.example.org/example.org is commendable, but not required.

FWIW, the XMPP SASL code in Twisted also does the 'wrong' thing.


-- 
ralphm
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.jabber.org/pipermail/standards/attachments/20160816/8aa60f9c/attachment-0001.html>


More information about the Standards mailing list