[Standards] field report on authentication methods
stpeter at mozilla.com
Thu Aug 9 16:54:17 UTC 2018
On 8/9/18 9:51 AM, Sam Whited wrote:
> This is great stuff, thanks Peter! I'd love it if we could use jabber.org more; it's easy to forget that we have a great source of data about the network at our fingertips.
> Given how small the percentage of logins over CRAM-MD5 and XEP-0078 are, can we disable those? Anything under 10% feels worth killing to me.
I'd be curious what cutoff percentages other services use, for instance
when stopping support for earlier versions of SSL or TLS. Less than 1%
for CRAM-MD5 seems fine (I don't even know what clients support that and
why), whereas 4% for XEP-0078 is a fairly large percentage. I'd want to
do further investigation regarding client versions before shutting off
4% of our users...
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 833 bytes
Desc: OpenPGP digital signature
More information about the Standards