Implement XEP-0480: SASL Upgrade Tasks #80
Comments
|
Side note: I've wrote a blog post about modern SASL authentication that more or less led to all of these SASL2 related XEPs over here: https://monal-im.org/post/00004-sasl/ |
|
Important too :) |
|
@tmolitor-stud-tu: Good news, @prefiks has added the support in xmpp 1.9.0 and ejabberd 24.10, a big thanks! |
|
Nice, thanks!! |
|
@badlop I'm sorry, the xep had two errors, fixed over here: xsf/xeps#1403 please fix the ejabberd implementation to match the new fixed xep version 0.2.0. |
|
Example: |
|
Fixed, thanks. |
|
@tmolitor-stud-tu, @weiss: Thanks for your reactivity! |
|
@badlop: Like you have seen, the @tmolitor-stud-tu XEP-0480 fix has been merged! XEP-0480 0.2.0 is now official: @weiss, @badlop: Thanks for your reactivity!
@badlop: Oups, I have seen that it is not upstream, can you update too? Initial commits from @prefiks are here:
ejabberd 24.10 specifications added by badlop: |
This is the last missing piece for modern SASL2 authentication: XEP-0480: SASL Upgrade Tasks is needed to make sure clients can update the old SHA-1 password hashes to more secure alternatives like SHA-256.
This isn't as urgent as the other SASL2 related stuff you just implemented, but needed to make sure we can transition from SHA-1 to something more secure before SCRAM-SHA-1 becomes insecure.
This transition will take quite some time, so it is good to start early with this.
I promise this is the last SASL-related implementation request I'm doing ;)
BTW: This XEP was originally developed inside the main SASL2 XEP (XEP-0388) but later factored out to not create another of these large XEPs like MUC or PubSub.
The text was updated successfully, but these errors were encountered: