SASL DIGEST-MD5 digest-uri is wrong

Description

The RFC specifies 'host' to be dns name of the host providing the service, but implementations in the wild use the XMPP service name here.

 

I will likely not fix this because 1. it will break interoperability and 2. DIGEST-MD5 should die (together with PLAIN), use SCRAM instead.

Related:

Environment

None

Attachments

1

Activity

Show:

Florian Schmaus April 8, 2020 at 7:51 PM

While the current Smack implementation is technically wrong, it is what most XMPP servers expect. Hence we keep it that way.

 

Besides, you really should avoid DIGEST-MD5 when possible.

speedy August 25, 2016 at 8:01 PM

please keep in mind that DIGEST-MD5 and PLAIN might still be needed for authentication to an external directory, like MS Active Directory.

Won't Fix

Details

Assignee

Reporter

Expected Effort

Minimal

Components

Affects versions

Priority

Created August 16, 2016 at 11:22 AM
Updated April 8, 2020 at 7:51 PM
Resolved April 8, 2020 at 7:51 PM