[jdev] Algorithms and XMPP

Simon Josefsson simon at josefsson.org
Mon Feb 22 02:26:03 CST 2010


Waqas Hussain <waqas20 at gmail.com> writes:

> There are a number of algorithms an XMPP developer needs to deal with,
> either directly or through a library. Some of these are defined in XEPs,
> while some are external specifications which we work with.
>
> These include:
>
> * DIGEST-MD5
> * SCRAM
> * Entity capabilities hashing
> * JID escaping
>
> Over the years, I’ve seen people trying to implement these through trial and
> error, and frequently getting them done only partially correctly. After
> helping people fix their DIGEST-MD5 implementations at least a dozen times,
> I think we have a problem.
>
> I propose that we start a small project to act as an aggregator for existing
> open source implementations which could be used as references. Once we have
> that going, an implementation selected for its readability could become the
> (official?) reference implementation.

I believe maintaining pointers to existing implementations (in various
languages), and publishing interop details between those
implementations, would help more than selecting one implementation as a
"reference" implementation.

In my experience, selecting one reference implementation have a tendency
to lead to software mono-culture, which eventually may lead to less
interop, in particular between existing deployments and newly written
software from the specification.

So I'm strongly in favor of helping XMPP implementers find good security
and i18n libraries to use (gsasl and libidn! :)) but I wouldn't support
focusing on just one implementation.

/Simon


More information about the JDev mailing list