Closed Neustradamus closed 1 year ago
Thank you so much for simply documenting this so thoroughly and cleanly, @Neustradamus. I attached this ticket and #55 to the epic checklist on #12.
Unfortunately, the SASL-SHA-* mechanisms are still either unsupported or not enabled on every server that I work with. I understand that client support waiting for server support and vice versa creates a chicken-and-egg dilemma. (On the other hand, I'll be submitting my implementation for OAUTHBEARER soon. It is now supported by more servers than XOAUTH.)
So... I'd welcome a PR for this! :) If not a PR, perhaps a reference implementation with a suitable open source licence, preferably in Ruby or another similar language?
See also:
@nevans: Thanks to all comments about my tickets :)
I hope that one guy can add the support which is officially needed in the last IMAP RFC.
About memcached, there is a fork (inactive) which supports it:
Note: I have done a ticket in https://github.com/memcached/memcached too...
@singpolyma has done a PR in net-sasl:
It's still just a draft, I will definitely be updating and rebasing it, and I might split into multiple smaller PRs. But #78 contains SCRAM-SHA-1 and SCRAM-SHA-256 implementations, and I'd welcome code-review, comments, testing (etc).
@nevans: Good job!
Have you looked for draft-melnikov-scram-sha-512 and draft-melnikov-scram-sha3-512?
Yes. They both expired back in April. :(
I'd guess they'll probably be resurrected at some point. And probably there won't be any surprising changes to the algorithm nor to the recommended settings.
Just the same, unless there is a very significant deployment of these not-yet-standard mechanisms, I'd rather not add "official" support until they are standardized. It will only be a few lines of code to add support for any digest that's supported by OpenSSL::Digest, so I don't think that's an undue burden for any project that wants to add those mechanisms for themselves.
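As an added illustration of the point above that the SCRAM mechanisms differ only in the digest (this is not code from net-imap, net-sasl or PR #78): a Ruby sketch of the RFC 5802 client computation that takes any OpenSSL::Digest name. The module name ScramSketch is hypothetical, and it assumes an ASCII password (no SASLprep) and no channel binding.

```ruby
require "openssl"

# Added example, not net-imap's code. Assumes an ASCII password (no SASLprep)
# and no channel binding (gs2 header "n,,").
module ScramSketch # hypothetical name
  module_function

  def xor(a, b)
    a.bytes.zip(b.bytes).map { |x, y| x ^ y }.pack("C*")
  end

  # Split "k=v,k=v" into a hash; values may themselves contain "=".
  def attrs(msg)
    msg.split(",").to_h { |kv| kv.split("=", 2) }
  end

  # Returns [client_final_message, expected_server_signature_base64].
  def client_final(digest_name, password, client_first_bare, server_first)
    srv    = attrs(server_first)
    nonce  = srv.fetch("r")
    cnonce = attrs(client_first_bare).fetch("r")
    # The server nonce must extend ours, or the reply is not bound to this exchange.
    unless nonce.start_with?(cnonce) && nonce.length > cnonce.length
      raise ArgumentError, "server nonce does not extend client nonce"
    end

    hlen   = OpenSSL::Digest.new(digest_name).digest_length
    salted = OpenSSL::KDF.pbkdf2_hmac(password,
      salt: srv.fetch("s").unpack1("m0"), # strict base64 decode
      iterations: Integer(srv.fetch("i")), length: hlen, hash: digest_name)

    hmac = ->(key, data) { OpenSSL::HMAC.digest(digest_name, key, data) }
    client_key = hmac.(salted, "Client Key")
    stored_key = OpenSSL::Digest.digest(digest_name, client_key)
    server_key = hmac.(salted, "Server Key")

    without_proof = "c=#{['n,,'].pack('m0')},r=#{nonce}"
    auth_message  = [client_first_bare, server_first, without_proof].join(",")
    proof = xor(client_key, hmac.(stored_key, auth_message))

    ["#{without_proof},p=#{[proof].pack('m0')}",
     [hmac.(server_key, auth_message)].pack("m0")]
  end
end
```

The second return value is what the client should compare against the `v=` attribute of the server's final message before treating the server as authenticated.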
Dear @ruby team,
First, I wish you a Happy New Year!
Can you add support for:
You can also add:
"When using the SASL SCRAM mechanism, the SCRAM-SHA-256-PLUS variant SHOULD be preferred over the SCRAM-SHA-256 variant, and SHA-256 variants [RFC7677] SHOULD be preferred over SHA-1 variants [RFC5802]".
SCRAM-SHA-1(-PLUS):
-- https://tools.ietf.org/html/rfc5802
-- https://tools.ietf.org/html/rfc6120
SCRAM-SHA-256(-PLUS):
-- https://tools.ietf.org/html/rfc7677 since 2015-11-02
-- https://tools.ietf.org/html/rfc8600 since 2019-06-21: https://mailarchive.ietf.org/arch/msg/ietf-announce/suJMmeMhuAOmGn_PJYgX5Vm8lNA
SCRAM-SHA-512(-PLUS):
-- https://tools.ietf.org/html/draft-melnikov-scram-sha-512
SCRAM-SHA3-512(-PLUS):
-- https://tools.ietf.org/html/draft-melnikov-scram-sha3-512
https://xmpp.org/extensions/inbox/hash-recommendations.html
-PLUS variants:
IMAP:
LDAP:
HTTP:
2FA:
IANA:
Linked to: