On Thu, Jan 24, 2019, at 15:51, Evgeny wrote:
> On Thu, Jan 24, 2019 at 6:39 PM, Florian Schmaus
> <f...@geekplace.eu> wrote:
> > I am not sure if the XSF is the right venue
>
> Well, some people cite RFC 6120, as I understand, section 13.8.1,
> which requires, among others, to support SCRAM-SHA1-PLUS. So XSF
> responsibility cannot be completely ruled out.

That document is the purview of the IETF, not the XSF (that being
said, I agree with you, this is as good a place to start working on
it as any).

I've had a document that I've been meaning to publish for a while that
details how clients can do auth mechanism pinning to prevent downgrade
attacks; it might also be a good place to discuss this, but I could see
a separate document outlining best practices being useful as well (or
just a wiki page).

—Sam