| author | Martin Dosch <martin@mdosch.de> |
| Tue, 26 Mar 2024 22:15:41 +0100 | |
| changeset 5879 | 61bee1be6db3 |
| parent 5777 | 3a7349aa95c7 |
| permissions | -rw-r--r-- |
|
5777
3a7349aa95c7
mod_sasl_ssdp: New module implementing XEP-0474 SASL SCRAM Downgrade Protection
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1 |
--- |
|
3a7349aa95c7
mod_sasl_ssdp: New module implementing XEP-0474 SASL SCRAM Downgrade Protection
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
2 |
labels: |
|
3a7349aa95c7
mod_sasl_ssdp: New module implementing XEP-0474 SASL SCRAM Downgrade Protection
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
3 |
- 'Stage-Alpha' |
|
3a7349aa95c7
mod_sasl_ssdp: New module implementing XEP-0474 SASL SCRAM Downgrade Protection
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
4 |
summary: 'XEP-0474: SASL SCRAM Downgrade Protection' |
|
3a7349aa95c7
mod_sasl_ssdp: New module implementing XEP-0474 SASL SCRAM Downgrade Protection
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
5 |
... |
|
3a7349aa95c7
mod_sasl_ssdp: New module implementing XEP-0474 SASL SCRAM Downgrade Protection
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
6 |
|
|
3a7349aa95c7
mod_sasl_ssdp: New module implementing XEP-0474 SASL SCRAM Downgrade Protection
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
7 |
Introduction |
|
3a7349aa95c7
mod_sasl_ssdp: New module implementing XEP-0474 SASL SCRAM Downgrade Protection
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
8 |
============ |
|
3a7349aa95c7
mod_sasl_ssdp: New module implementing XEP-0474 SASL SCRAM Downgrade Protection
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
9 |
|
|
3a7349aa95c7
mod_sasl_ssdp: New module implementing XEP-0474 SASL SCRAM Downgrade Protection
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
10 |
This module implements the experimental XEP-0474: SASL SCRAM Downgrade |
|
3a7349aa95c7
mod_sasl_ssdp: New module implementing XEP-0474 SASL SCRAM Downgrade Protection
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
11 |
Protection. It provides an alternative downgrade protection mechanism to |
|
3a7349aa95c7
mod_sasl_ssdp: New module implementing XEP-0474 SASL SCRAM Downgrade Protection
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
12 |
client-side pinning which is currently the most common method of downgrade |
|
3a7349aa95c7
mod_sasl_ssdp: New module implementing XEP-0474 SASL SCRAM Downgrade Protection
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
13 |
protection. |
|
3a7349aa95c7
mod_sasl_ssdp: New module implementing XEP-0474 SASL SCRAM Downgrade Protection
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
14 |
|
|
3a7349aa95c7
mod_sasl_ssdp: New module implementing XEP-0474 SASL SCRAM Downgrade Protection
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
15 |
**Note:** This module implements version 0.3.0 of XEP-0474. As of 2023-12-05, |
|
3a7349aa95c7
mod_sasl_ssdp: New module implementing XEP-0474 SASL SCRAM Downgrade Protection
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
16 |
this version is not yet published on xmpp.org. Version 0.3.0 of the XEP is |
|
5879
61bee1be6db3
mod_sasl_ssdp: Add go-sendxmpp to clients supporting XEP-0474.
Martin Dosch <martin@mdosch.de>
parents:
5777
diff
changeset
|
17 |
implemented in Monal 6.0.1 and go-sendxmpp 0.8.0. No other clients are currently |
|
61bee1be6db3
mod_sasl_ssdp: Add go-sendxmpp to clients supporting XEP-0474.
Martin Dosch <martin@mdosch.de>
parents:
5777
diff
changeset
|
18 |
known to implement the XEP at the time of writing. |
|
5777
3a7349aa95c7
mod_sasl_ssdp: New module implementing XEP-0474 SASL SCRAM Downgrade Protection
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
19 |
|
|
3a7349aa95c7
mod_sasl_ssdp: New module implementing XEP-0474 SASL SCRAM Downgrade Protection
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
20 |
# Configuration |
|
3a7349aa95c7
mod_sasl_ssdp: New module implementing XEP-0474 SASL SCRAM Downgrade Protection
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
21 |
|
|
3a7349aa95c7
mod_sasl_ssdp: New module implementing XEP-0474 SASL SCRAM Downgrade Protection
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
22 |
There are no configuration options for this module, just load it as normal. |
|
3a7349aa95c7
mod_sasl_ssdp: New module implementing XEP-0474 SASL SCRAM Downgrade Protection
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
23 |
|
|
3a7349aa95c7
mod_sasl_ssdp: New module implementing XEP-0474 SASL SCRAM Downgrade Protection
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
24 |
# Compatibility |
|
3a7349aa95c7
mod_sasl_ssdp: New module implementing XEP-0474 SASL SCRAM Downgrade Protection
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
25 |
|
|
3a7349aa95c7
mod_sasl_ssdp: New module implementing XEP-0474 SASL SCRAM Downgrade Protection
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
26 |
For SASL2 (XEP-0388) clients, it is compatible with the mod_sasl2 community module. |
|
3a7349aa95c7
mod_sasl_ssdp: New module implementing XEP-0474 SASL SCRAM Downgrade Protection
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
27 |
|
|
3a7349aa95c7
mod_sasl_ssdp: New module implementing XEP-0474 SASL SCRAM Downgrade Protection
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
28 |
For clients using RFC 6120 SASL, it requires Prosody trunk 33e5edbd6a4a or |
|
3a7349aa95c7
mod_sasl_ssdp: New module implementing XEP-0474 SASL SCRAM Downgrade Protection
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
29 |
later. It is not compatible with Prosody 0.12 (it will load, but simply |
|
3a7349aa95c7
mod_sasl_ssdp: New module implementing XEP-0474 SASL SCRAM Downgrade Protection
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
30 |
won't do anything) for "legacy SASL". |