[jdev] MD5 auth problem

Dave Cridland dave at cridland.net
Thu May 25 07:34:31 CDT 2006


On Thu May 25 12:58:21 2006, Norman Rasmussen wrote:
> mmm, all true.

Trouble is with security, it's hard to know which parts are paranoia, 
and which are sound precautions.

>   Either way Ulrich's users are going to have to provide
> their password in 'plain' format at least once to start using 
> jabber.
> (either via a script on the web-site or via sasl or iq plain)

Yes.

I can't actually find anything in RFC3920 about transitioning, 
though. As far as I know, only ACAP and POP3 have the signalling 
required. It's possible that the thinking has changed on whether 
transitioning is "good" or not, though, I shall find out.

Transitioning might be something to raise during RFC3920bis 
development, perhaps.

Dave.
-- 
Dave Cridland - mailto:dave at cridland.net - xmpp:dwd at jabber.org
  - acap://acap.dave.cridland.net/byowner/user/dwd/bookmarks/
  - http://dave.cridland.net/
Infotrope Polymer - ACAP, IMAP, ESMTP, and Lemonade



More information about the JDev mailing list