"Mason, Matt" <[email protected]> writes: > Greetings - > > > > I have come to understand that the SCRAM - Salted Challenge Response > Authentication Method is the most secure authentication method available > for XMPP connectivity. Can this list please verify that as well as > point me to docs or published implementations?
SCRAM shouldn't be worse than CRAM-MD5 or DIGEST-MD5. I believe the revised XMPP will use SCRAM as mandatory-to-implement. The specification is available from:

http://tools.ietf.org/html/draft-ietf-sasl-scram-11

The document is in the RFC editor's queue waiting for the TLS channel binding specification.

GNU SASL implements SCRAM, in stable release since November 2009. It will be included in the upcoming Ubuntu 10.04 LTS and Debian Squeeze releases. I've performed interop tests with several other implementers.

http://www.gnu.org/software/gsasl/

/Simon
