[jdev] Seeking jabber implementers for SCRAM-SHA-1 testing
Dave Cridland
dave at cridland.net
Tue Nov 3 04:14:54 CST 2009
On Tue Nov 3 09:48:44 2009, Simon Josefsson wrote:
> Dave Cridland <dave at cridland.net> writes:
> > I have both an implementation of it and a suite of protocol
> > implementations that use it, including XMPP. (And IMAP, ESMTP,
> and -
> > naturally - ACAP). I added SCRAM to see how much harder it was
> than
> > DIGEST-MD5 - it turns out to be much, much easier. It's quite
> > possibly out of date WRT the spec, I did it during the last batch
> of
> > GSSAPIisms.
>
> We'll find out. :-)
>
>
Probably, yes. :-)
> > I believe that Alexey has the majority, at least, of a server-side
> > SCRAM-SHA-1 implementation for Cyrus SASL, too.
>
> He told me it was only SCRAM-MD5, at least some time ago.
>
>
Yes, that's true. But my implementation also does SCRAM-MD5, so
that's okay.
> > So in the short term, I can spin that up against whatever concrete
> > server you have that'll use SCRAM-SHA-1, I think. I believe it'll
> do
> > at least some forms of channel binding, too.
>
> I have a public IMAP test server up and running with SCRAM-SHA-1
> support. No channel binding support yet. Host
> 'nubb.josefsson.org',
> username 'user' and password 'pencil'. See:
Excellent, I'll point my client at that and see what happens.
Dave.
--
Dave Cridland - mailto:dave at cridland.net - xmpp:dwd at dave.cridland.net
- acap://acap.dave.cridland.net/byowner/user/dwd/bookmarks/
- http://dave.cridland.net/
Infotrope Polymer - ACAP, IMAP, ESMTP, and Lemonade
More information about the JDev
mailing list