Hi there.

Can someone please clarify how to maintain interoperability of
SCRAM-SHA-1 vs SCRAM-SHA-256 vs SCRAM-SHA-WHATEVER, e.g.
when some clients support SCRAM-SHA-1 only, but the password
was created in SCRAM-SHA-256 format. I know it's still
possible to authenticate via PLAIN, however:

1) Using PLAIN creates a potential DoS for the server
due to expensive HMAC computational rounds.
2) Some admins prefer to disable PLAIN completely.
3) A client may see PLAIN as a downgrade attack. This
can happen when the password was changed from another client
with an incompatible SCRAM version.

Another problem is with "-PLUS" formats. RFC 7677 states:

> After publication of [RFC5802], it was discovered that Transport
> Layer Security (TLS) [RFC5246] does not have the expected properties
> for the "tls-unique" channel binding to be secure [RFC7627]

Does that mean that "-PLUS" doesn't provide additional security
and is now useless?

And yet another problem is that SCRAM is
unusable with third-party services such as STUN/TURN or SIP,
which support only DIGEST HTTP-like authentication and
thus prevent sharing the same credentials between
the services.

I'd like to see the XSF take a clear position on this,
as well as create some recommendations for implementors,
because the disambiguation creates interoperability problems.

_______________________________________________
Standards mailing list
Info: https://mail.jabber.org/mailman/listinfo/standards
Unsubscribe: standards-unsubscr...@xmpp.org
_______________________________________________
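The interoperability point raised in the post above (a SCRAM-SHA-1-only client against a password stored only in SCRAM-SHA-256 form) follows directly from how RFC 5802 derives the server-side record, and it is easier to see in code than in prose. The following is an added example written for this page; it is not code from the post, from the XSF, or from any XMPP implementation. It implements the RFC 5802 derivation (Hi via PBKDF2, ClientKey, StoredKey, ServerKey) for both mechanisms, runs the client-proof / server-verify step of one exchange, and shows that a server holding only a SHA-256 record cannot verify a SHA-1 proof, while a server that derived one record per mechanism at password-set time can. All function names and the sample password, salt and AuthMessage string are constructed for the example.

```python
"""SCRAM (RFC 5802) credential derivation and verification for two hash
variants, showing why a server holding only SCRAM-SHA-256 credentials
cannot serve a SCRAM-SHA-1-only client. Example code, not from the post."""
import hashlib
import hmac
import os
from dataclasses import dataclass

# IANA SASL mechanism name -> hash used by H(), HMAC() and Hi() in RFC 5802.
MECHANISMS = {"SCRAM-SHA-1": "sha1", "SCRAM-SHA-256": "sha256"}


@dataclass(frozen=True)
class StoredCredential:
    """Per-user, per-mechanism server record (RFC 5802 section 3)."""
    mechanism: str
    salt: bytes
    iterations: int
    stored_key: bytes  # H(ClientKey)
    server_key: bytes  # HMAC(SaltedPassword, "Server Key")


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _client_keys(mechanism, password, salt, iterations):
    """Hi() is PBKDF2 over the mechanism's HMAC, so every key below is hash-specific."""
    digest = MECHANISMS[mechanism]
    salted = hashlib.pbkdf2_hmac(digest, password.encode("utf-8"), salt, iterations)
    client_key = hmac.new(salted, b"Client Key", digest).digest()
    stored_key = hashlib.new(digest, client_key).digest()
    server_key = hmac.new(salted, b"Server Key", digest).digest()
    return client_key, stored_key, server_key


def derive(mechanism, password, salt, iterations) -> StoredCredential:
    _, stored_key, server_key = _client_keys(mechanism, password, salt, iterations)
    return StoredCredential(mechanism, salt, iterations, stored_key, server_key)


def set_password(password, mechanisms, iterations=4096, salt=b""):
    """Password-set time is the only moment the server sees the plaintext, so it
    must derive one record per mechanism it intends to offer; a record for one
    hash cannot be converted into a record for another later."""
    salt = salt or os.urandom(16)
    return {m: derive(m, password, salt, iterations) for m in mechanisms}


def client_proof(mechanism, password, salt, iterations, auth_message) -> bytes:
    """Client: ClientProof = ClientKey XOR HMAC(StoredKey, AuthMessage)."""
    digest = MECHANISMS[mechanism]
    client_key, stored_key, _ = _client_keys(mechanism, password, salt, iterations)
    return _xor(client_key, hmac.new(stored_key, auth_message, digest).digest())


def server_verify(cred, mechanism, proof, auth_message) -> bool:
    """Server: recover ClientKey from the proof and check H(ClientKey) == StoredKey,
    using the hash the client chose; a record made with another hash never matches."""
    digest = MECHANISMS[mechanism]
    client_signature = hmac.new(cred.stored_key, auth_message, digest).digest()
    recovered = hashlib.new(digest, _xor(proof, client_signature)).digest()
    return hmac.compare_digest(recovered, cred.stored_key)


def authenticate(store, mechanism, password, auth_message) -> bool:
    """Both sides of one exchange; False when the server has no record for the
    mechanism the client chose (the situation described in the post)."""
    cred = store.get(mechanism)
    if cred is None:
        return False
    proof = client_proof(mechanism, password, cred.salt, cred.iterations, auth_message)
    return server_verify(cred, mechanism, proof, auth_message)


def interop_demo() -> dict:
    # Constructed sample values. In a real exchange AuthMessage is the RFC 5802
    # concatenation of client-first-bare, server-first and client-final-without-proof.
    password, salt = "correct horse battery staple", b"\x01" * 16
    auth_message = b"n=alice,r=cnonce,r=cnonce+snonce,s=AQEB,i=4096,c=biws,r=cnonce+snonce"
    sha256_only = set_password(password, ["SCRAM-SHA-256"], salt=salt)
    both = set_password(password, ["SCRAM-SHA-1", "SCRAM-SHA-256"], salt=salt)
    # "Forced" case: the server reuses its SHA-256 record's salt/iterations and
    # tries to check a SHA-1 proof against it anyway.
    rec = sha256_only["SCRAM-SHA-256"]
    sha1_proof = client_proof("SCRAM-SHA-1", password, rec.salt, rec.iterations, auth_message)
    return {
        "sha256 store, sha256 client": authenticate(sha256_only, "SCRAM-SHA-256", password, auth_message),
        "sha256 store, sha1 client": authenticate(sha256_only, "SCRAM-SHA-1", password, auth_message),
        "sha256 store, sha1 proof forced": server_verify(rec, "SCRAM-SHA-1", sha1_proof, auth_message),
        "both stored, sha1 client": authenticate(both, "SCRAM-SHA-1", password, auth_message),
        "both stored, sha256 client": authenticate(both, "SCRAM-SHA-256", password, auth_message),
        "both stored, wrong password": authenticate(both, "SCRAM-SHA-256", "wrong", auth_message),
    }


if __name__ == "__main__":
    for case, ok in interop_demo().items():
        print(f"{case:32s} {'OK' if ok else 'FAIL'}")
```

The practical consequence for a server is that the set of SCRAM mechanisms it can offer a given user is fixed at the moment that user's password was last set; if a password is changed through a path that derives only one hash variant, every client limited to the other variant is left with PLAIN or nothing. Storing one record per supported mechanism at password-set time is the only way to keep both mechanisms working without keeping the plaintext password.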