Dear all,

First of all, I wish you a Happy New Year 2025!

In the past, I have requested SCRAM support in Dovecot, etc. I would like to know the situation with the -PLUS variants (Channel Binding). This feature, which brings more security, is still missing.

RFC 9266: Channel Bindings for TLS 1.3:
- https://datatracker.ietf.org/doc/html/rfc9266

A few details, for easy reference:
- tls-unique for TLS <= 1.2
- tls-server-end-point
- tls-exporter for TLS = 1.3

Can you add tls-unique, tls-server-end-point and tls-exporter to be perfect?

Stephan Bosch has started, but there has been no news for one year:
- https://github.com/dovecot/core/compare/main...stephanbosch:dovecot-core:sasl-scram-plus

Other links:

SASL2 I-D: Extensible Simple Authentication and Security Layer (SASL):
- https://datatracker.ietf.org/doc/html/draft-melnikov-sasl2

It is in several XEPs too:
- XEP-0388: Extensible SASL Profile: https://xmpp.org/extensions/xep-0388.html
- XEP-0440: SASL Channel-Binding Type Capability: https://xmpp.org/extensions/xep-0440.html
- XEP-0474: SASL SCRAM Downgrade Protection: https://xmpp.org/extensions/xep-0474.html
- XEP-0480: SASL Upgrade Tasks: https://xmpp.org/extensions/xep-0480.html

Thanks in advance.

Regards,

Neustradamus

_______________________________________________
dovecot mailing list -- dovecot@dovecot.org
To unsubscribe send an email to dovecot-le...@dovecot.org
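The three binding types listed in the message above feed into a SCRAM `-PLUS` exchange as shown in this added example, which is not part of the original message and is not Dovecot's code. It follows the RFC 5802 `gs2-header` and `c=` attribute and the RFC 5929 `tls-server-end-point` hash rule; the function names, the preference order in `pick_binding` and the sample bytes are assumptions made for illustration.

```python
import base64
import hashlib

def pick_binding(tls_version, available):
    """Pick a binding type for the negotiated TLS version (order is an assumption)."""
    order = (["tls-exporter", "tls-server-end-point"] if tls_version == "TLSv1.3"
             else ["tls-unique", "tls-server-end-point"])
    for name in order:
        if name in available:
            return name
    return None  # nothing usable: fall back to plain SCRAM without -PLUS

def server_end_point(cert_der, sig_hash):
    """RFC 5929 tls-server-end-point: hash of the server certificate (DER)."""
    # MD5 and SHA-1 signature hashes are replaced by SHA-256.
    if sig_hash.lower() in ("md5", "sha1"):
        sig_hash = "sha256"
    return hashlib.new(sig_hash, cert_der).digest()

def gs2_header(cb_name, server_offers_plus):
    """RFC 5802 gs2-header without an authzid."""
    if cb_name and server_offers_plus:
        return f"p={cb_name},,"
    if cb_name:
        return "y,,"  # client can bind, but the server advertised no -PLUS mechanism
    return "n,,"      # client does not support channel binding

def scram_c_attr(header, cb_data=b""):
    """RFC 5802 'c=' attribute: base64(gs2-header || channel binding data)."""
    if not header.startswith("p="):
        cb_data = b""  # binding data is only sent with the p= flag
    return "c=" + base64.b64encode(header.encode("ascii") + cb_data).decode("ascii")

# Constructed sample values, not real TLS material.
CERT_DER = b"constructed-certificate-bytes"
EXPORTER = bytes(range(32))  # stands in for the 32-byte RFC 9266 exporter output

def demo():
    """TLS 1.3 session where the server offers a -PLUS mechanism."""
    name = pick_binding("TLSv1.3", {"tls-exporter", "tls-server-end-point"})
    return name, scram_c_attr(gs2_header(name, True), EXPORTER)

if __name__ == "__main__":
    print(demo())
    print(scram_c_attr(gs2_header(None, False)))
```

The server recomputes the same `c=` value from its own view of the TLS session and rejects the authentication when the two differ, which is what ties the SCRAM proof to that one connection.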