help-gsasl
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

SCRAM-SHA-1 interop


From: Simon Josefsson
Subject: SCRAM-SHA-1 interop
Date: Fri, 19 Feb 2010 15:13:17 +0100
User-agent: Gnus/5.110011 (No Gnus v0.11) Emacs/23.1 (gnu/linux)

FYI, I've just completed interop testing of the GNU SASL SCRAM-SHA-1
server against Alexey Melnikov's implementation for Cyrus SASL, and we
didn't discover any issue on the GNU SASL side.  We'll try to test the
client side of GNU SASL against a Cyrus SASL based server later.

During discussion I realized two things that we may want to improve in
GNU SASL:

* Reject too low iteration counts on the client side
  (Alexey rejects < 4096)

* Reject too high iteration counts on the client side
  (for DoS protection)

/Simon




reply via email to

[Prev in Thread] Current Thread [Next in Thread]