Jack Moffitt wrote:

So RFC 2831 says:

digest-uri-value  = serv-type "/" host [ "/" serv-name ]

and RFC 3920 does not seem to specify anything else.

Implementations seem to expect xmpp/DOMAIN where DOMAIN is the domain
part of the JID.

One reading of 2831 might lead one to implement something like:
xmpp/talk.google.com/gmail.com

This is actually bad news, because BOSH clients will not be able to
get this extra SRV information, unless the connection manager returns
it somehow.

Should we add some language to 3920bis to lock this down so that we
don't have implementations that are incapable of BOSH?
I agree with Kurt's comment about replacing DIGEST-MD5 with something else.

However, regarding the specific issue you've reported:
I've made DIGEST-MD5 plugin in Cyrus SASL implementation ignore the ["/" serv-name] part of such URIs. So the full digest-uri-value should be used for hashing, but only part of it should be used for verification.
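
Added example, not part of the original thread and not Cyrus SASL code: a Python sketch of the behaviour described in the reply above, where the server checks only serv-type and host but recomputes the RFC 2831 response over the digest-uri exactly as the client sent it. The host names, user, password and nonces are constructed, and comparing against a configured service and host is an assumption about how a server would apply this.

```python
import hashlib
import hmac

def parse_digest_uri(uri):
    """Split serv-type "/" host [ "/" serv-name ] (RFC 2831)."""
    parts = uri.split("/")
    if len(parts) not in (2, 3) or not all(parts):
        raise ValueError("malformed digest-uri: %r" % uri)
    return parts[0], parts[1], (parts[2] if len(parts) == 3 else None)

def response_value(user, realm, password, nonce, cnonce, nc, digest_uri, qop="auth"):
    """RFC 2831 response-value for qop=auth, without authzid."""
    h = lambda b: hashlib.md5(b).digest()
    hx = lambda b: hashlib.md5(b).hexdigest()
    a1 = h(f"{user}:{realm}:{password}".encode()) + f":{nonce}:{cnonce}".encode()
    a2 = f"AUTHENTICATE:{digest_uri}".encode()
    return hx(f"{hx(a1)}:{nonce}:{nc}:{cnonce}:{qop}:{hx(a2)}".encode())

def server_verify(fields, password, service, host):
    """Check serv-type/host only, but hash the digest-uri exactly as received."""
    try:
        serv_type, uri_host, _serv_name = parse_digest_uri(fields["digest-uri"])
    except ValueError:
        return False
    # The optional serv-name is ignored for the comparison (assumed policy).
    if serv_type != service or uri_host.lower() != host.lower():
        return False
    expected = response_value(fields["username"], fields["realm"], password,
                              fields["nonce"], fields["cnonce"], fields["nc"],
                              fields["digest-uri"])
    return hmac.compare_digest(expected, fields["response"])

def client_fields(digest_uri, password="constructed-pw"):
    """Constructed client response; every value here is sample data."""
    f = {"username": "alice", "realm": "example.org", "nonce": "n0nce",
         "cnonce": "cn0nce", "nc": "00000001", "digest-uri": digest_uri}
    f["response"] = response_value(f["username"], f["realm"], password, f["nonce"],
                                   f["cnonce"], f["nc"], digest_uri)
    return f

if __name__ == "__main__":
    for uri in ("xmpp/chat.example.net", "xmpp/chat.example.net/example.org",
                "imap/chat.example.net"):
        ok = server_verify(client_fields(uri), "constructed-pw", "xmpp", "chat.example.net")
        print(uri, "->", "accepted" if ok else "rejected")
```

Recomputing the hash over a digest-uri with the serv-name stripped would produce a different response value, which is why the full string has to be kept for hashing.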
