[jdev] SASL question on RFC 3920
Justin Karneges
justin-keyword-jabber.093179 at affinix.com
Thu Jan 6 12:04:21 CST 2005
On Thursday 06 January 2005 03:46 pm, Jens Mikkelsen wrote:
> On Thu, 2005-01-06 at 17:56, Justin Karneges wrote:
> [...]
>
> > Whoa there. SASL can encrypt!
> >
> > SA = Simple authentication
> > SL = Security Layer (encryption) <------------------
>
> What kind of encryption? Is it just the authentication that's being
> encrypted? Is it just that digest and zeroK it refers to?

The entire channel is secured. It is not just during authentication.

The encryption used is dependent on the mechanism. DIGEST-MD5 offers a
security layer, as do some others. PLAIN does not. The strength of the
encryption is determined by a universal "security strength factor" (or SSF)
that is negotiated by the mechanism during authentication.

Have a look at Cyrus SASL to see how it is done. The application passes a
minimum and maximum SSF value to the library during initialization. Once the
app has authenticated, it feeds all incoming and outgoing socket data through
the library (in XMPP, this starts right after the last '>' character, as
described in xmpp-core, section 6.3).

-Justin
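
An added example, not part of the original message and not Cyrus SASL's code: a self-contained C model of the two things the message describes, the minimum/maximum SSF window and the handling of socket data once the security layer is active. The layer names, the offer list and the function names are constructed for illustration; the four-octet length framing comes from the SASL specification (RFC 4422, section 3.7) and goes slightly beyond what the message itself states.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model of the policy described above; not Cyrus SASL's API. */
struct layer { const char *name; unsigned ssf; };

/* Constructed sample offer: SSF 0 = no layer, 1 = integrity only,
 * larger values = approximate cipher key length in bits. */
static const struct layer OFFER[] = {
    { "none", 0 }, { "integrity", 1 }, { "conf-56", 56 }, { "conf-128", 128 },
};
#define N_OFFER (sizeof OFFER / sizeof OFFER[0])

/* Strongest offered layer with min_ssf <= ssf <= max_ssf, or NULL when
 * nothing fits (the caller must then abort authentication). */
const struct layer *pick_layer(const struct layer *o, size_t n,
                               unsigned min_ssf, unsigned max_ssf)
{
    const struct layer *best = NULL;
    for (size_t i = 0; i < n; i++) {
        if (o[i].ssf < min_ssf || o[i].ssf > max_ssf) continue;
        if (!best || o[i].ssf > best->ssf) best = &o[i];
    }
    return best;
}

/* With a layer active, each protected buffer on the wire is preceded by a
 * four-octet big-endian length. Returns 1 and sets *payload_len when buf
 * holds a complete frame, 0 when more socket data is needed, -1 when the
 * announced length exceeds the negotiated maximum (drop the connection). */
int next_frame(const uint8_t *buf, size_t have, uint32_t max_buf,
               uint32_t *payload_len)
{
    if (have < 4) return 0;
    uint32_t n = ((uint32_t)buf[0] << 24) | ((uint32_t)buf[1] << 16) |
                 ((uint32_t)buf[2] << 8) | (uint32_t)buf[3];
    if (n > max_buf) return -1;
    if (have - 4 < n) return 0;
    *payload_len = n;
    return 1;
}

int main(void)
{
    const struct layer *l = pick_layer(OFFER, N_OFFER, 56, 256);
    printf("min_ssf=56 selects %s\n", l ? l->name : "(refuse)");
    return 0;
}
```

In this model a minimum SSF of 0 makes the "none" layer acceptable, so a peer that offers only a mechanism without a security layer would authenticate with no channel protection from SASL.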