On Thu, Jan 24, 2019 at 9:15 PM, Dave Cridland <d...@cridland.net>
wrote:
XMPP-Grid (that draft) essentially says both servers and clients MUST
implement EXTERNAL, SCRAM-SHA1, SCRAM-SHA1-PLUS, SCRAM-SHA-256, and
SCRAM-SHA-256-PLUS.
Is there any interest in updating our MTI?
How can we require SHA-256 when we don't have any way to upgrade
existing deployments from SHA-1? Leaving the burden to the operators
again, because this is out of scope of XSF? :)
Some already suggested "solving" this by forcing password
renewal, but we don't have any mechanisms to do this in XMPP.
I personally prefer:
1) MUST for EXTERNAL and PLAIN
2) SHOULD for SCRAM-SHA-X-Y (I'd prefer not to use SCRAM at all
given all the problems I have described in another thread)
_______________________________________________
Standards mailing list
Info: https://mail.jabber.org/mailman/listinfo/standards
Unsubscribe: standards-unsubscr...@xmpp.org
_______________________________________________