charset in DIGEST-MD5

Paul Aurich paul at darkrain42.org
Fri Jun 5 17:41:44 EDT 2009


And Peter Saint-Andre spoke on 06/02/2009 10:09 AM, saying:
> Someone just told me that Pidgin does not include charset in its SASL
> DIGEST-MD5 data for XMPP. If charset is not included, RFC 2831 says that
> the encoding is ISO 8859-1. That *might* cause a problem in XMPP because
> usernames and passwords can include characters outside 8859-1. I don't
> know if this has caused any problems in the wild, but I figured I would
> mention it.
> 
> Ideally XMPP will transition away from DIGEST-MD5 altogether and move to
> SCRAM, but that won't happen immediately.
> 
> More here:
> 
> http://tools.ietf.org/html/rfc2831
> 
> http://tools.ietf.org/html/draft-ietf-sasl-digest-to-historic
> 
> http://tools.ietf.org/html/draft-ietf-sasl-scram
> 
> Peter
> 

It seems Cyrus SASL doesn't ever include the charset in the generated
responses, as the code path to do so is never executed. The next release of
Pidgin will contain code that specifies the charset when Cyrus doesn't.

Thanks,
~Paul




More information about the Devel mailing list