[Standards] field report on authentication methods

Peter Saint-Andre stpeter at mozilla.com
Thu Aug 9 16:54:17 UTC 2018


On 8/9/18 9:51 AM, Sam Whited wrote:
> This is great stuff, thanks Peter! I'd love it if we could use jabber.org more; it's easy to forget that we have a great source of data about the network at our fingertips.
> 
> Given how small the percentage of logins over CRAM-MD5 and XEP-0078 are, can we disable those? Anything under 10% feels worth killing to me.

I'd be curious what cutoff percentages other services use, for instance
when stopping support for earlier versions of SSL or TLS. Less than 1%
for CRAM-MD5 seems fine (I don't even know what clients support that and
why), whereas 4% for XEP-0078 is a fairly large percentage. I'd want to
do further investigation regarding client versions before shutting off
4% of our users...

Peter

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://mail.jabber.org/pipermail/standards/attachments/20180809/49d7c626/attachment-0001.sig>


More information about the Standards mailing list