[jdev] No realm from server
Simon Josefsson
simon at josefsson.org
Sat Nov 14 06:30:40 CST 2009
Peter Saint-Andre <stpeter at stpeter.im> writes:
> On 11/13/09 9:04 AM, Tobias Markmann wrote:
>> On Fri, Nov 13, 2009 at 1:00 AM, Peter Saint-Andre <stpeter at stpeter.im
>> <mailto:stpeter at stpeter.im>> wrote:
>>
>> Never enough helpful documentation for developers. :)
>>
>>
>> Sure. However with prosody we've decided to follow to road of maximum
>> interoperability considering the large variety of broken and RFC
>> violating implementations. So we try to let the client securely login as
>> good as we can and if we can't the login just fails. Even if it means
>> setting a realm if it's missing, adjusting it, and so on. There are
>> quite some code in prosody's DIGEST-MD5 code only for interoperability.
>> I deeply hope we can go cleaner and more strict with SCRAM-*.
>
> SCRAM was designed to be cleaner. Let's hope it is in practice. :)
There is no realm field in SCRAM, so at least for this particular
problem it is cleaner. For other areas, we'll see.
/Simon
More information about the JDev
mailing list