horazont / aiosasl
92%
devel: 97%

Repo Added 19 May 2017 11:39AM UTC

Files 10

Badge

Embed ▾

LAST BUILD ON BRANCH feature/drop-unspecified-scram-variants
branch: feature/drop-unspecified-scram-variants

CHANGE BRANCH
x

Reset

feature/drop-unspecified-scram-variants

devel

feature/cleanup-typing

feature/fix-plain-saslprep

feature/minimum-iteration-count

feature/state-enumeration

feature/travis-3.8

feature/travis-ci

feature/unpacked-sasl

master

release-0.4

v0.4.0

v0.4.1

pending completion

Build # 24

Build Type

Pull #9

travis-ci

Committed by

web-flow

Commit Message

Drop unspecified SCRAM(-PLUS) variants

The following SCRAM variants were previously supported by aiosasl,
but not specified in any IETF document:

* SCRAM-SHA-224(-PLUS)
* SCRAM-SHA-384(-PLUS)
* SCRAM-SHA-512(-PLUS)

The only SCRAM-SHA-* specifications are:

* RFC 7677 <https://tools.ietf.org/html/rfc7677> (SCRAM-SHA-256) and
* RFC 5802 <https://tools.ietf.org/html/rfc5802> (SCRAM-SHA-1).

Of those, RFC 7677 (which defines the registry) explicitly states:

> Note: Members of this family MUST be explicitly registered using
> the "IETF Review" [RFC5226] registration procedure.  Reviews MUST
> be requested on the KITTEN mailing list kitten@ietf.org (or a
> successor designated by the responsible Security Area Director).
>
> […]
>
> Note to future SASL SCRAM mechanism designers: each new SASL
> SCRAM mechanism MUST be explicitly registered with IANA and MUST
> comply with the SCRAM-mechanism naming convention defined in
> Section 4 of [RFC5802].

So while the unspecified mechanisms outlined above adhere to the
naming convention, they’re  not registered with the IANA (see
<https://www.iana.org/assignments/sasl-mechanisms/sasl-mechanisms.xhtml>)
at this point in time.

This is thus a violation of the specification/unauthorized
extension of the registered set of algorithms for no good reason.
We should drop them to stay within the specification.

In addition, an argument can be made that it’s not our place to
invent new SCRAM variants without review.

Fixes #6.

Pull Request Pull Request #9: Drop unspecified SCRAM(-PLUS) variants

Run Details

343 of 373 relevant lines covered (91.96%)

0.92 hits per line

Relevant lines Covered

373 RELEVANT LINES 343 COVERED LINES

0.92 HITS PER LINE

Source Files on feature/drop-unspecified-scram-variants

Coverage	∆	File	Lines	Relevant	Covered	Missed	Hits/Line

Recent builds

Builds	Branch	Commit	Type	Ran	Committer	Via	Coverage
24	feature/drop-unspecified-scram-variants	Drop unspecified SCRAM(-PLUS) variants The following SCRAM variants were previously supported by aiosasl, but not specified in any IETF document: * SCRAM-SHA-224(-PLUS) * SCRAM-SHA-384(-PLUS) * SCRAM-SHA-512(-PLUS) The only SCRAM-SHA-* specific...	Pull #9	08 Nov 2018 04:34PM UTC	web-flow	travis-ci	pending completion
23	feature/drop-unspecified-scram-variants	Drop unspecified SCRAM(-PLUS) variants The following SCRAM variants were previously supported by aiosasl, but not specified in any IETF document: * SCRAM-SHA-224(-PLUS) * SCRAM-SHA-384(-PLUS) * SCRAM-SHA-512(-PLUS) The only SCRAM-SHA-* specific...	push	08 Nov 2018 04:33PM UTC	horazont	travis-ci	pending completion

See All Builds (49)

horazont / aiosasl
92%
devel: 97%

README BADGES
x

Markdown

Textile

RDoc

HTML

Rst

CHANGE BRANCH
x

Relevant lines Covered

Source Files on feature/drop-unspecified-scram-variants

Recent builds

horazont / aiosasl 92% devel: 97%

README BADGES x

Markdown

Textile

RDoc

HTML

Rst

CHANGE BRANCH x

Relevant lines Covered

Source Files on feature/drop-unspecified-scram-variants

Recent builds

horazont / aiosasl
92%
devel: 97%

README BADGES
x

CHANGE BRANCH
x