[Standards] TOTP and enforced password changes in SASL2

Jonas Wielicki jonas at wielicki.name
Thu Aug 24 14:58:40 UTC 2017

On Thursday, 24 August 2017 12:59:56 CEST Dave Cridland wrote:
> Now that an update to XEP-0388 has been published, I thought I'd
> share what I've been trying to do with it.
> […]

All of this sounds in general sensible. I was first a bit confused as to why 
you didn’t use the term "mechanism", but upon reading the updated XEP and your 
earlier emails on that subject, it makes sense.

However, it seems to me as if much of this could be solved with a normal 
stream feature without reworking how SASL authentication works in general in 

By offering only e.g.
<post-sasl-tasks xmlns="…"><task>PASSWORD-RESET</task></post-sasl-tasks>
in the <stream:features/> after the authenticating RFC 6120 SASL exchange,
you’d achieve the same thing, afaict (except for the extra round-trip for the
stream reset). Or am I overlooking something?

kind regards,