[jdev] Sasl Md5 Digest Authentication Problem
Peter Saint-Andre
stpeter at stpeter.im
Thu Mar 17 17:31:21 CST 2011
And, to amplify, ...
On 3/17/11 5:24 PM, Dave Cridland wrote:
> On Thu Mar 17 23:12:50 2011, A.Wagner wrote:
>> i am getting the challenge and build the response:
>> <response
>> xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>longbase64encodedstring</response>
>>
>>
>>
> You almost never want to write your own DIGEST-MD5 code. (Aside from the
> fact that SCRAM is easier and better, lots of people have written
> DIGEST-MD5 code, and it'll probably "just work").
There's a reason why the IETF is deprecating DIGEST-MD5 in favor of
SCRAM, and why SCRAM will be the mandatory-to-implement in the new XMPP
specs.
http://tools.ietf.org/html/draft-ietf-kitten-digest-to-historic-02
http://tools.ietf.org/html/rfc5802
http://tools.ietf.org/html/draft-ietf-xmpp-3920bis-22#section-13.8
>> but then the server always responds with (even when response stanza is
>> empty):
>> <failure
>> xmlns='urn:ietf:params:xml:ns:xmpp-sasl'><invalid-authzid/></failure>
>>
>>
> I'm guessing this is jabber.org you're testing against. I'm not sure
> that's a great idea, but in any case that's a generic error with that
> implementation, so it could very easily be almost any error, in fact.
Please do test against multiple implementations -- *especially* when
testing DIGEST-MD5.
Peter
--
Peter Saint-Andre
https://stpeter.im/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 6105 bytes
Desc: S/MIME Cryptographic Signature
URL: <https://www.jabber.org/jdev/attachments/20110317/eea47842/attachment.bin>
More information about the JDev
mailing list