SCRAM-SHA-1(-PLUS) + SCRAM-SHA-256(-PLUS) supports #4191
Comments
Dear @k9mail team, Happy New Year 2022! Have you looked for SCRAM-SHA-* support? Thanks in advance.
Please don't spam the issue tracker. While this might be the single most important issue for you, it's certainly not for everyone. When someone opens a pull request to implement this functionality, they will reference this issue and you'll be able to see it in the issue timeline. There's no need to ask for status reports.
@cketti: Thanks for your reply! But it is a problem of SECURITY; currently it is insecure to use K-9.
No, it's not. By default K-9 Mail uses transport encryption (SSL/TLS or STARTTLS). Using "normal password" authentication is fine when the transport channel is encrypted.
@cketti: I have added the last RFC in the description: RFC9051: Internet Message Access Protocol (IMAP) - Version 4rev2: I wish you a good reading.
Dear @k9mail team, @thunderbird team, I wish you a Happy New Year 2024! Have you progressed on it? It is linked to POP/IMAP/SMTP/JMAP for the security of all. Thanks in advance.
Dear @thunderbird team, @k9mail team, @cketti, After the comment on the other ticket, have you progressed on this missing SECURITY support? Note that the first RFC has existed since 2010 (more than 13 years and 6 months). I can send an email to the SECURITY team to explain the historical SECURITY problem. Thanks in advance.
Dear @k9mail team, @thunderbird team,
Can you add support for:
You can also add:
"When using the SASL SCRAM mechanism, the SCRAM-SHA-256-PLUS variant SHOULD be preferred over the SCRAM-SHA-256 variant, and SHA-256 variants [RFC7677] SHOULD be preferred over SHA-1 variants [RFC5802]".
SCRAM-SHA-1(-PLUS):
-- https://tools.ietf.org/html/rfc5802
-- https://tools.ietf.org/html/rfc6120
SCRAM-SHA-256(-PLUS):
-- https://tools.ietf.org/html/rfc7677 since 2015-11-02
-- https://tools.ietf.org/html/rfc8600 since 2019-06-21: https://mailarchive.ietf.org/arch/msg/ietf-announce/suJMmeMhuAOmGn_PJYgX5Vm8lNA
SCRAM-SHA-512(-PLUS):
-- https://tools.ietf.org/html/draft-melnikov-scram-sha-512
SCRAM-SHA3-512(-PLUS):
-- https://tools.ietf.org/html/draft-melnikov-scram-sha3-512
SCRAM BIS: Salted Challenge Response Authentication Mechanism (SCRAM) SASL and GSS-API Mechanisms:
-- https://tools.ietf.org/html/draft-melnikov-scram-bis
https://xmpp.org/extensions/inbox/hash-recommendations.html
-PLUS variants:
IMAP:
LDAP:
HTTP:
2FA:
IANA:
Linked to:
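
The preference order in the recommendation quoted above, written out as a client-side mechanism selector. This is an added example, not K-9 Mail code: the function names and capability lines are constructed for illustration, and the rule for the GS2 flag `y` assumes a per-mechanism reading of RFC 5802 (the `-PLUS` name of the chosen hash was not advertised).

```python
import re

# Order taken from the recommendation quoted in the issue:
# -PLUS before non-PLUS, SHA-256 variants before SHA-1 variants.
SCRAM_PREFERENCE = ("SCRAM-SHA-256-PLUS", "SCRAM-SHA-256",
                    "SCRAM-SHA-1-PLUS", "SCRAM-SHA-1")


def advertised_mechanisms(capability_line):
    """Return the SASL mechanisms named in AUTH= capability tokens."""
    return {m.upper() for m in re.findall(r"\bAUTH=([A-Za-z0-9_-]+)", capability_line)}


def choose_mechanism(capability_line, tls_active, channel_binding=None):
    """Pick a mechanism and, for SCRAM, the GS2 channel-binding flag.

    channel_binding is the binding type the client's TLS stack can supply
    (for example "tls-exporter"), or None when it cannot supply one.
    Returns (mechanism, gs2_flag); gs2_flag is None for PLAIN.
    """
    offered = advertised_mechanisms(capability_line)
    can_bind = tls_active and channel_binding is not None
    for mech in SCRAM_PREFERENCE:
        if mech not in offered:
            continue
        if mech.endswith("-PLUS"):
            if can_bind:
                return mech, "p=" + channel_binding
            continue  # -PLUS is unusable without channel-binding data
        # "y": client could bind but the -PLUS name was not advertised, which
        # lets the server detect a stripped -PLUS offer; "n": client cannot bind.
        return mech, "y" if can_bind else "n"
    if "PLAIN" in offered and tls_active:
        return "PLAIN", None  # password sent as-is, protected only by TLS
    raise ValueError("no acceptable SASL mechanism offered")


# Constructed capability lines, not captured from a real server.
FULL = ("* CAPABILITY IMAP4rev1 STARTTLS AUTH=PLAIN AUTH=SCRAM-SHA-1 "
        "AUTH=SCRAM-SHA-256 AUTH=SCRAM-SHA-256-PLUS")
NO_PLUS = "* CAPABILITY IMAP4rev1 AUTH=PLAIN AUTH=SCRAM-SHA-1 AUTH=SCRAM-SHA-256"
PLAIN_ONLY = "* CAPABILITY IMAP4rev1 AUTH=PLAIN"

if __name__ == "__main__":
    for line in (FULL, NO_PLUS, PLAIN_ONLY):
        print(choose_mechanism(line, tls_active=True, channel_binding="tls-exporter"))
```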