Description of feature:
See IETF RFC 5054
Motivation: (Why?)
Sending passwords to a server is always risky because:
- the server could be compromised
- the connection could be MITM'd
- the server could be hijacked (e.g. DNS poisoning)
- it could be the wrong server entirely (e.g. phishing)
- the server could be logging passwords in plaintext (common enough that even Twitter had to nuke sessions and force password resets over it)
TLS-SRP mitigates some of those problems:
- the server stores a salted verifier (v = g^x mod N, where x is derived from a salted hash of the password) rather than the password itself (you could technically keep the plaintext password in the DB and derive the verifier on the fly, but please don't)
- it authenticates the server to the client: only a party holding the verifier can complete the handshake (prevents MITM, hijacking and phishing; note that whoever steals the verifier database can impersonate the server, and can run an offline dictionary attack on the verifier)
- the password never leaves the client; the server only ever sees the client's public value A (prevents plaintext logging, and a phishing server learns nothing it can use)
At the XMPP layer this then goes through SASL EXTERNAL, obviously, since the TLS layer has already authenticated the client.
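The exchange the points above rely on, as an added example that is not part of the original request or of any XMPP project's code: enrollment (the server stores only a salt and verifier), then both sides of the RFC 5054 handshake in the ClientHello / ServerKeyExchange / ClientKeyExchange order, with the A mod N and B mod N abort checks the RFC requires. It uses the 1024-bit group from RFC 5054 Appendix A and SHA-1 as the RFC specifies; the class and function names, and the Miller-Rabin sanity check on the transcribed group, are this example's own.

```python
"""SRP-6a as profiled by TLS-SRP (RFC 5054): enrollment, then both handshake sides.

Added example, not the page's or any project's code. Formulas follow RFC 5054
(SHA-1, k = H(N | PAD(g)), x = H(s | H(I ":" P))); names are this example's own.
"""
import hashlib
import secrets

# RFC 5054 Appendix A, 1024-bit group: N is a safe prime, generator g = 2.
N = int(
    "EEAF0AB9ADB38DD69C33F80AFA8FC5E86072618775FF3C0B9EA2314C9C256576"
    "D674DF7496EA81D3383B4813D692C6E0E0D5D8E250B98BE48E495C1D6089DAD1"
    "5DC7D7B46154D6B6CE8EF4AD69B15D4982559B297BCF1885C529F566660E57EC"
    "68EDBC3C05726CC02FD4CBF4976EAA9AFD5138FE8376435B9FC61D2FC0EB06E3", 16)
g = 2
N_LEN = (N.bit_length() + 7) // 8  # PAD() left-pads to the byte length of N


def pad(x: int) -> bytes:
    return x.to_bytes(N_LEN, "big")


def H(*parts: bytes) -> int:
    """SHA-1 of the concatenation as a big-endian integer (RFC 5054 mandates SHA-1 here)."""
    return int.from_bytes(hashlib.sha1(b"".join(parts)).digest(), "big")


k = H(pad(N), pad(g))  # multiplier parameter, fixed for the group


def private_x(username: str, password: str, salt: bytes) -> int:
    """x = H(s | H(I ":" P)); only the client ever computes this from the password."""
    return H(salt, hashlib.sha1(f"{username}:{password}".encode()).digest())


def enroll(username: str, password: str) -> dict:
    """Enrollment: the server stores (I, s, v = g^x mod N), never P or x."""
    salt = secrets.token_bytes(16)
    return {"I": username, "s": salt, "v": pow(g, private_x(username, password, salt), N)}


class SrpServer:
    def __init__(self, record: dict):
        self.record = record
        self.b = secrets.randbelow(N - 2) + 1               # fresh ephemeral per connection
        self.B = (k * record["v"] + pow(g, self.b, N)) % N

    def server_key_exchange(self, username: str) -> tuple[bytes, int]:
        """Answers the ClientHello srp extension; ServerKeyExchange carries (N, g, s, B)."""
        if username != self.record["I"]:
            raise ValueError("unknown user")
        return self.record["s"], self.B

    def client_key_exchange(self, A: int) -> int:
        """Consumes ClientKeyExchange; RFC 5054 2.5.4: abort if A mod N == 0."""
        if A % N == 0:
            raise ValueError("illegal client public value A")
        u = H(pad(A), pad(self.B))
        return pow(A * pow(self.record["v"], u, N), self.b, N)  # premaster secret S


class SrpClient:
    def __init__(self, username: str, password: str):
        self.I, self.P = username, password
        self.a = secrets.randbelow(N - 2) + 1
        self.A = pow(g, self.a, N)

    def client_key_exchange(self, salt: bytes, B: int) -> tuple[int, int]:
        """Consumes ServerKeyExchange; RFC 5054 2.5.3: abort if B mod N == 0. Returns (A, S)."""
        if B % N == 0:
            raise ValueError("illegal server public value B")
        x = private_x(self.I, self.P, salt)
        u = H(pad(self.A), pad(B))
        S = pow((B - k * pow(g, x, N)) % N, self.a + u * x, N)  # = g^(ab + ubx) mod N
        return self.A, S


def run_handshake(record: dict, username: str, password: str) -> tuple[int, int]:
    """One TLS-SRP key exchange; the two values agree only if the password matches v."""
    client, server = SrpClient(username, password), SrpServer(record)
    salt, B = server.server_key_exchange(client.I)         # ClientHello -> ServerKeyExchange
    A, client_S = client.client_key_exchange(salt, B)      # ClientKeyExchange
    return client_S, server.client_key_exchange(A)


def is_probable_prime(n: int, rounds: int = 16) -> bool:
    """Miller-Rabin; sanity check that N and (N-1)/2 were transcribed correctly."""
    if n < 4:
        return n in (2, 3)
    if n % 2 == 0:
        return False
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


if __name__ == "__main__":
    rec = enroll("alice", "correct horse")
    print("group sane:", is_probable_prime(N) and is_probable_prime((N - 1) // 2))
    good, bad = run_handshake(rec, "alice", "correct horse"), run_handshake(rec, "alice", "wrong horse")
    print("right password, keys agree:", good[0] == good[1], "| wrong password, keys agree:", bad[0] == bad[1])
```

In real TLS-SRP the premaster secret S feeds the TLS key derivation and a password mismatch surfaces as a failed Finished MAC; here the two S values are simply compared. Note what the server holds during the whole exchange: the record (s, v), its own b, and the client's A. The password and x exist only on the client, which is the property the request is after.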
We are not going in this direction. https://blog.prosody.im/modern-xmpp-auth/