jdev - 2025-08-03

  1. lovetox

    is SASLPrep only mandatory for PLAIN, or for any SASL mechanism?

  2. lovetox

    seems only plain and md5 at least form one of the rfcs i read

  3. lovetox

    ok i dont get it, https://datatracker.ietf.org/doc/html/rfc4616#section-3 shows that the server applies saslprep before comparing the password against the stored hash

  4. lovetox

    sooo that does mean i dont have to use saslprep on the password before sending it, right?

  5. Martin

    > <stream:features><mechanisms xmlns='urn:ietf:params:xml:ns:xmpp-sasl'><mechanism>EXTERNAL</mechanism><mechanism>PLAIN</mechanism><mechanism>SCRAM-SHA-1-PLUS</mechanism><mechanism>SCRAM-SHA-1</mechanism></mechanisms><sasl-channel-binding xmlns='urn:xmpp:sasl-cb:0'><channel-binding type='tls-exporter'/><channel-binding type='tls-server-end-point'/></sasl-channel-binding><authentication xmlns='urn:xmpp:sasl:2'><upgrade xmlns='urn:xmpp:sasl:upgrade:0'>UPGR-SCRAM-SHA-256</upgrade><upgrade xmlns='urn:xmpp:sasl:upgrade:0'>UPGR-SCRAM-SHA-512</upgrade><inline><bind xmlns='urn:xmpp:bind:0'><inline><feature var='urn:xmpp:sm:3'/><feature var='urn:xmpp:carbons:2'/></inline></bind><sm xmlns='urn:xmpp:sm:3'/><fast xmlns='urn:xmpp:fast:0'><mechanism>HT-SHA-256-NONE</mechanism><mechanism>HT-SHA-256-UNIQ</mechanism><mechanism>HT-SHA-256-EXPR</mechanism><mechanism>HT-SHA-256-ENDP</mechanism></fast></inline><mechanism>EXTERNAL</mechanism><mechanism>PLAIN</mechanism><mechanism>SCRAM-SHA-1-PLUS</mechanism><mechanism>SCRAM-SHA-1</mechanism></authentication><register xmlns='http://jabber.org/features/iq-register'/></stream:features> If I use FAST, shall I ignore all the UPGR-stuff?

  6. lovetox

    how can a server ever upgrade their sasl mechanisms if they dont store the plaintext password?

  7. lovetox

    oh thats what https://xmpp.org/extensions/xep-0480.html is for

  8. Martin

    Yes, but I think it should not be intertwined with FAST, as the server could just expire the fast token to enforce an upgrade the next time.

  9. Martin

    MattJ: What do you think? I think you know best about FAST. :)

  10. gnemmi

    Hello everyone!

  11. gnemmi

    My name is Gonzalo Raúl Nemmi. I'm a contributor on the Comm Team and I'd like apply for a XSF Membership.

  12. gnemmi

    I joined the MUC by following the instructions on the wiki page (which, by the way, seems to be outdated as the link still ponts toxmpp:jdev@conference.jabber.org?join ) because I don't have a wiki account to create a wiki page about myself.

  13. gnemmi

    So, I was wondering if any of the Sysops may create an account for me so I can send my application in time for Q3?

  14. theTedd

    ^ Guus

  15. gnemmi

    theTedd: thank you 😊

  16. Guus

    gnemmi: i can do that, yes. Please give me your preferred username. I also need an email address for the password reset to be sent to

  17. Guus

    I'm now in bed, I'll do it tomorrow

  18. gnemmi

    Perfect!. I'll send you all the info on a private message. Have a good night!