[Standards] XEP-0388 (SASL2) Update

Dave Cridland dave at cridland.net
Tue Aug 15 15:12:15 UTC 2017

GitHub PR: https://github.com/xsf/xeps/pull/493


I've had a bit of a crack at implementing SASL2 in Openfire, with a
view to getting "Password change at next login" and (in the future)
TOTP support in place around SASL2. I've also implemented it in

In the course of this, I found various things about the design which
either didn't work, or else caused rather more effort than I really

The main changes I've made are:

* I did away with the "=" encoding for empty strings. It was daft, as
Alexey suggested, and wasn't required.
* <success/> is now followed immediately by <stream:features/>.
Otherwise it's very hard to decide what to do next. There's no stream
restart, so this is still keeping the RTTs down.
* <continue/> now talks about "tasks" rather than special SASL
mechanisms. Tasks have essentially the same interface as SASL mechs,
but do different things - trying to shoehorn them into the same thing
wasn't mentally working for me, and for some reason everything got
simpler after I stopped pretending.

These changes made it fairly straightforward to implement.

Comments welcome...


More information about the Standards mailing list