-
Notifications
You must be signed in to change notification settings - Fork 85
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add SASL mechanisms to the software table. #48
Conversation
maybe there should be a more generic field "status: required/optional/deprecated/dear gods no" |
This looks nice, and thanks for that I'm against showing DH-AES and DH-BLOWFISH on the site in the same way we're showing everything else. For that matter, given #11 I'm very iffy on including If we display them at all, my initial thought is to add a 'deprecated' class to every cell in that column and make them very desaturated, darker grey versions of the green, and just a darker grey instead of red for not supported. And for the That sort of thing could definitely be done with some creative extension of the Regarding I definitely really like the idea. I'm just a little iffy about including it right here, along with those edit: Just for reference with the "iffy about including it right here" comment. I feel that we should basically only include things we want people to support on these pages. If it's on the specific SASL mechanisms page, I'm more open to including the I feel like that would also just be a more appropriate place for them in general, although it complicates the whole yml layout somewhat. Basically creating a new |
Earlier, XMPP has chosen SCRAM-SHA-1 as the new "required" mechanism (replacing the previous DIGEST-MD5 requirement). As non-cryptographer, I think it looks good when properly implemented – unlike my earlier Atheme module. (That is, services must only store ServerKey and StoredKey, because PBKDF2(password) is password-equivalent.) |
👍. Listing them makes it seem that all clients which removed support for them when they were declared insecure and removed wrong Atheme are doing something wrong. At least ZNC did this. This part has been edited multiple times as I was proven wrong on HexChat and WeeChat which actually do support DH-*.
I have no own opinion, but would assume that @kaniini doesn't want it to be included based on them not wanting to include it on SASL mechanisms page as seen in #11. Otherwise I like the idea.
I also ask in this thread, where else than in this PR the mechanisms that "should" be implemented are listed? |
@@ -71,6 +80,11 @@ | |||
- server-time | |||
- monitor | |||
- userhost-in-names | |||
SASL: | |||
- dh-aes | |||
- dh-blowfish |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Source for dh-aes and dh-blowfish being supported by HexChat? I see only SASL (username + password)
and SASL EXTERNAL (cert)
in the login methods and am quite sure that they were removed long time ago.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Wrong again < TingPing> Mikaela, it still does though it was planned to be removed
The http://ircv3.net/docs/sasl-mechs.html page does already list these mechanisms specifically. Aside from that, I'm leaving this issue open for opinions on those 'highlighted' ones. |
Merged this into master manually, with the table now living on the sasl-mechs page |
I'm abusing the required attribute to show the ones that people "should" be implementing. If anyone has a better idea for this then I can change it.