Re: [Standards] NEW: XEP-0438 (Best practices for password hashing and storage)

[Dave Cridland]

Further to this: Sam's Draft is now in the process of being adopted - it'd
be great if people would join that list and show interest in working on it.

On Wed, 6 May 2020 at 22:51, Dave Cridland  wrote:

> Hi all,
>
> Sam has also submitted this XEP in a significantly expanded form to the
> [IETF], and raised it in the [KITTEN] working group. The current status
> within the IETF is an "individual draft", and while it can get to RFC
> status like that, I think formal adoption as a "working group draft" would
> be better for the document - it'll get more review, and a better status
> when published as an RFC. (It's also quite a bit easier for Sam).
>
> I would encourage anyone who's interested in this area to join the KITTEN
> mailing list and express some interest (or, even better, read the doc and
> send a message to the list with comments). The Working Group Chairs will
> need to be convinced that there is real interest out there, understandably,
> so doing so will help make this document better.
>
> There is other stuff of interest to security-conscious XMPP folk in
> KITTEN, being the home of SASL, so it's well worth joining. In addition, a
> lot of the work we do herein the XSF is largely invisible to the IETF; I
> believe the people in this group have much to offer the IETF as well as
> vice-versa, and this represents a good opportunity for cross-pollination.
>
> Dave.
>
> [IETF] -
> https://datatracker.ietf.org/doc/draft-whited-kitten-password-storage/
> [KITTEN] - https://datatracker.ietf.org/wg/kitten/about/
>
> On Tue, 5 May 2020 at 20:08, Jonas Schäfer  wrote:
>
>> Version 0.1.1 of XEP-0438 (Best practices for password hashing and
>> storage) has been released.
>>
>> Abstract:
>> This document outlines best practices for handling user passwords on
>> the public Jabber network for both clients and servers.
>>
>> Changelog:
>> Fix reference to external document (ssw)
>>
>> URL: https://xmpp.org/extensions/xep-0438.html
>>
>> Note: The information in the XEP list at https://xmpp.org/extensions/
>> is updated by a separate automated process and may be stale at the
>> time this email is sent. The XEP documents linked herein are up-to-
>> date.
>> ___
>> Standards mailing list
>> Info: https://mail.jabber.org/mailman/listinfo/standards
>> Unsubscribe: standards-unsubscr...@xmpp.org
>> ___
>>
>
___
Standards mailing list
Info: https://mail.jabber.org/mailman/listinfo/standards
Unsubscribe: standards-unsubscr...@xmpp.org
___

Re: [Standards] NEW: XEP-0438 (Best practices for password hashing and storage)

[Dave Cridland]

Hi all,

Sam has also submitted this XEP in a significantly expanded form to the
[IETF], and raised it in the [KITTEN] working group. The current status
within the IETF is an "individual draft", and while it can get to RFC
status like that, I think formal adoption as a "working group draft" would
be better for the document - it'll get more review, and a better status
when published as an RFC. (It's also quite a bit easier for Sam).

I would encourage anyone who's interested in this area to join the KITTEN
mailing list and express some interest (or, even better, read the doc and
send a message to the list with comments). The Working Group Chairs will
need to be convinced that there is real interest out there, understandably,
so doing so will help make this document better.

There is other stuff of interest to security-conscious XMPP folk in KITTEN,
being the home of SASL, so it's well worth joining. In addition, a lot of
the work we do herein the XSF is largely invisible to the IETF; I believe
the people in this group have much to offer the IETF as well as vice-versa,
and this represents a good opportunity for cross-pollination.

Dave.

[IETF] -
https://datatracker.ietf.org/doc/draft-whited-kitten-password-storage/
[KITTEN] - https://datatracker.ietf.org/wg/kitten/about/

On Tue, 5 May 2020 at 20:08, Jonas Schäfer  wrote:

> Version 0.1.1 of XEP-0438 (Best practices for password hashing and
> storage) has been released.
>
> Abstract:
> This document outlines best practices for handling user passwords on
> the public Jabber network for both clients and servers.
>
> Changelog:
> Fix reference to external document (ssw)
>
> URL: https://xmpp.org/extensions/xep-0438.html
>
> Note: The information in the XEP list at https://xmpp.org/extensions/
> is updated by a separate automated process and may be stale at the
> time this email is sent. The XEP documents linked herein are up-to-
> date.
> ___
> Standards mailing list
> Info: https://mail.jabber.org/mailman/listinfo/standards
> Unsubscribe: standards-unsubscr...@xmpp.org
> ___
>
___
Standards mailing list
Info: https://mail.jabber.org/mailman/listinfo/standards
Unsubscribe: standards-unsubscr...@xmpp.org
___