[Standards] A new SASL Profile strawman

Lance Stout lancestout at gmail.com
Wed May 4 18:45:54 UTC 2016

> On May 4, 2016, at 7:00 AM, Dave Cridland <dave at cridland.net> wrote:
> Folks,
> I had a nice chat with Ralph Meijer, and we idly discussed replacing the SASL profile in order to gain access to 2FA, fold in the Stream Resumption (Florian Schmaus's design, in effect), and make it a little more extensible, particularly with more detailed error messaging.

The basic proposal here looks sensible to me, and support for 2FA would be awesome. However, it does carry the cost of needing to upgrade one of the fundamental parts of XMPP session negotiation.

To be honest, if any such price is to be paid, I want it to bring significant benefits that can simplify the startup process.

The proposal is already tying itself to stream management, so let's push that further:

1. Opting to use new-SASL is also enabling stream management. This seems to be implied already for the proposal to meet its goals, but it would need to be more explicit.
2. JID binding included in new-SASL success response, so no need to manually request a binding (maybe even go so far as to not allow requesting a resource, just be assigned one).

Yes, this combines several existing, but related, stream features. This combination of features is one of the most well-trod of cow paths, and is what inflates the number of round-trip requests needed to start a usable session.


