[Standards] NEW: XEP-0438 (Best practices for password hashing and storage)

Dave Cridland dave at cridland.net
Wed May 13 14:15:25 UTC 2020


Further to this: Sam's Draft is now in the process of being adopted - it'd
be great if people would join that list and show interest in working on it.

On Wed, 6 May 2020 at 22:51, Dave Cridland <dave at cridland.net> wrote:

> Hi all,
>
> Sam has also submitted this XEP in a significantly expanded form to the
> [IETF], and raised it in the [KITTEN] working group. The current status
> within the IETF is an "individual draft", and while it can get to RFC
> status like that, I think formal adoption as a "working group draft" would
> be better for the document - it'll get more review, and a better status
> when published as an RFC. (It's also quite a bit easier for Sam).
>
> I would encourage anyone who's interested in this area to join the KITTEN
> mailing list and express some interest (or, even better, read the doc and
> send a message to the list with comments). The Working Group Chairs will
> need to be convinced that there is real interest out there, understandably,
> so doing so will help make this document better.
>
> There is other stuff of interest to security-conscious XMPP folk in
> KITTEN, being the home of SASL, so it's well worth joining. In addition, a
> lot of the work we do herein the XSF is largely invisible to the IETF; I
> believe the people in this group have much to offer the IETF as well as
> vice-versa, and this represents a good opportunity for cross-pollination.
>
> Dave.
>
> [IETF] -
> https://datatracker.ietf.org/doc/draft-whited-kitten-password-storage/
> [KITTEN] - https://datatracker.ietf.org/wg/kitten/about/
>
> On Tue, 5 May 2020 at 20:08, Jonas Schäfer <jonas at wielicki.name> wrote:
>
>> Version 0.1.1 of XEP-0438 (Best practices for password hashing and
>> storage) has been released.
>>
>> Abstract:
>> This document outlines best practices for handling user passwords on
>> the public Jabber network for both clients and servers.
>>
>> Changelog:
>> Fix reference to external document (ssw)
>>
>> URL: https://xmpp.org/extensions/xep-0438.html
>>
>> Note: The information in the XEP list at https://xmpp.org/extensions/
>> is updated by a separate automated process and may be stale at the
>> time this email is sent. The XEP documents linked herein are up-to-
>> date.
>> _______________________________________________
>> Standards mailing list
>> Info: https://mail.jabber.org/mailman/listinfo/standards
>> Unsubscribe: Standards-unsubscribe at xmpp.org
>> _______________________________________________
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.jabber.org/pipermail/standards/attachments/20200513/02354e2b/attachment-0001.html>


More information about the Standards mailing list