[Standards] Proposed XMPP Extension: Best practices for password hashing and storage

Dave Cridland dave at cridland.net
Tue Apr 21 18:41:47 UTC 2020


On Tue, 21 Apr 2020 at 11:50, <pep at bouah.net> wrote:

> The XMPP Extensions Editor has received a proposal for a new XEP.
>
> Title: Best practices for password hashing and storage
> Abstract:
> This document outlines best practices for handling user passwords on
> the public Jabber network for both clients and servers.
>
> URL: https://xmpp.org/extensions/inbox/password-storage.html


I'll start by making this very clear: This is a really useful document, and
will provide substantial value to server operators and implementers both on
the public Jabber network and in other settings.

However, I would like to encourage the author to approach the IETF KITTEN
working group to see if there's interest in publishing through that route
instead, as I think it'd gain more qualified review and therefore more
value.

But if they don't want to put in the effort to see it published as an RFC,
then I'm happy that we publish.

Dave.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.jabber.org/pipermail/standards/attachments/20200421/f0dec7cd/attachment.html>


More information about the Standards mailing list