-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 11/10/09 6:25 AM, Kurt Zeilenga wrote: > > On Nov 9, 2009, at 5:24 AM, Sebastiaan Deckers wrote: > >> Both RFC2831 (Digest SASL) and RFC3920 (XMPP Core) do not specify what >> the realm should be treated as by the client if it is missing from the >> challenge. >> > > RFC 2831 says about the server's advertise of realms: > > This directive is > optional; if not present, the client SHOULD solicit it from the > user or be able to compute a default; a plausible default might be > the realm supplied by the user when they logged in to the client > system. Multiple realm directives are allowed, in which case the > user or client must choose one as the realm for which to supply to > username and password. > > and says this about the client's response: > > The realm containing the user's account. This directive is > required if the server provided any realms in the > "digest-challenge", in which case it may appear exactly once and > its value SHOULD be one of those realms. If the directive is > missing, "realm-value" will set to the empty string when computing > A1 (see below for details). > > If the server provides one realm, use that. > If the server provides none: the client should ask the user for it and > if the user provides one, use that. Otherwise none. (If you want to > suggest one for the client to use, suggest the domain of the user's JID.) > If the server provides multiple: the client should choose which to use.
Perhaps it would be helpful to write an informational XEP about the use of DIGEST-MD5? Peter - -- Peter Saint-Andre https://stpeter.im/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.8 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkr4jHsACgkQNL8k5A2w/vxH6ACg6hIne3e+bkHiRc6hdOBd4VX1 HZIAnRCwuJeG43DZAGUOrvWEZX1noc96 =dedp -----END PGP SIGNATURE----- _______________________________________________ JDev mailing list Forum: http://www.jabberforum.org/forumdisplay.php?f=20 Info: http://mail.jabber.org/mailman/listinfo/jdev Unsubscribe: jdev-unsubscr...@jabber.org _______________________________________________