-PLUS variants for SCRAM #950
Comments
MailKit already supports (and has for a few years now) SCRAM-SHA-256 and SCRAM-SHA-1 and correctly prefers SCRAM-SHA-256 over SCRAM-SHA-1. The SCRAM SASL mechanisms do not appear to be widely supported among mail servers in general, and the PLUS variants are even less widely supported as far as I've seen, which makes this feature an extremely low priority for me. I also don't have any servers available to me for testing any implementation of the PLUS variants that I come up with, so that puts a major roadblock in front of me as well. That said, I would welcome a Pull Request for this feature if you really need it that badly.
Yes, the request is for -PLUS variants :) For some months now, Cyrus SASL (and Cyrus IMAP) has supported:
More info on "State of Play" cited previously.
I don't have access to a Cyrus IMAP server, so that doesn't help me at all.
This seems impossible to implement using C# and SslStream.
@jstedfast: What is the problem exactly?
I don't remember, but presumably the hooks needed for the -PLUS variants aren't available (or I couldn't find them) in SslStream. I'd be happy to review pull requests if you'd like to implement this.
MailKit v3.0.0 has been released with support for the -PLUS variants.
@jstedfast: Nice, thanks! Compatibility with TLS 1.2 and 1.3?
yes
@jstedfast: It is official for TLS 1.3 Binding!
Details:
Linked to:
"When using the SASL SCRAM mechanism, the SCRAM-SHA-256-PLUS variant SHOULD be preferred over the SCRAM-SHA-256 variant, and SHA-256 variants [RFC7677] SHOULD be preferred over SHA-1 variants [RFC5802]".
SCRAM-SHA-1(-PLUS):
-- RFC5802: Salted Challenge Response Authentication Mechanism (SCRAM) SASL and GSS-API Mechanisms: https://tools.ietf.org/html/rfc5802
-- RFC6120: Extensible Messaging and Presence Protocol (XMPP): Core: https://tools.ietf.org/html/rfc6120
SCRAM-SHA-256(-PLUS):
-- RFC7677: SCRAM-SHA-256 and SCRAM-SHA-256-PLUS Simple Authentication and Security Layer (SASL) Mechanisms: https://tools.ietf.org/html/rfc7677 - since 2015-11-02
-- RFC8600: Using Extensible Messaging and Presence Protocol (XMPP) for Security Information Exchange: https://tools.ietf.org/html/rfc8600 - since 2019-06-21: https://mailarchive.ietf.org/arch/msg/ietf-announce/suJMmeMhuAOmGn_PJYgX5Vm8lNA
SCRAM-SHA-512(-PLUS):
-- https://tools.ietf.org/html/draft-melnikov-scram-sha-512
SCRAM-SHA3-512(-PLUS):
-- https://tools.ietf.org/html/draft-melnikov-scram-sha3-512
https://xmpp.org/extensions/inbox/hash-recommendations.html
-PLUS variants:
LDAP:
HTTP:
2FA:
IANA:
Linked to: