[Standards] NEW: XEP-0438 (Best practices for password hashing and storage)

Dave Cridland dave at cridland.net
Wed May 6 21:51:51 UTC 2020


Hi all,

Sam has also submitted this XEP in a significantly expanded form to the
[IETF], and raised it in the [KITTEN] working group. The current status
within the IETF is an "individual draft", and while it can get to RFC
status like that, I think formal adoption as a "working group draft" would
be better for the document - it'll get more review, and a better status
when published as an RFC. (It's also quite a bit easier for Sam).

I would encourage anyone who's interested in this area to join the KITTEN
mailing list and express some interest (or, even better, read the doc and
send a message to the list with comments). The Working Group Chairs will
need to be convinced that there is real interest out there, understandably,
so doing so will help make this document better.

There is other stuff of interest to security-conscious XMPP folk in KITTEN,
being the home of SASL, so it's well worth joining. In addition, a lot of
the work we do herein the XSF is largely invisible to the IETF; I believe
the people in this group have much to offer the IETF as well as vice-versa,
and this represents a good opportunity for cross-pollination.

Dave.

[IETF] -
https://datatracker.ietf.org/doc/draft-whited-kitten-password-storage/
[KITTEN] - https://datatracker.ietf.org/wg/kitten/about/

On Tue, 5 May 2020 at 20:08, Jonas Schäfer <jonas at wielicki.name> wrote:

> Version 0.1.1 of XEP-0438 (Best practices for password hashing and
> storage) has been released.
>
> Abstract:
> This document outlines best practices for handling user passwords on
> the public Jabber network for both clients and servers.
>
> Changelog:
> Fix reference to external document (ssw)
>
> URL: https://xmpp.org/extensions/xep-0438.html
>
> Note: The information in the XEP list at https://xmpp.org/extensions/
> is updated by a separate automated process and may be stale at the
> time this email is sent. The XEP documents linked herein are up-to-
> date.
> _______________________________________________
> Standards mailing list
> Info: https://mail.jabber.org/mailman/listinfo/standards
> Unsubscribe: Standards-unsubscribe at xmpp.org
> _______________________________________________
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.jabber.org/pipermail/standards/attachments/20200506/abf05b58/attachment.html>


More information about the Standards mailing list