Please add SCRAM-SHA-512(-PLUS) again and there is the SCRAM-SHA3-512(-PLUS)
Neustradamus opened this issue · 6 comments
Following the removal of SCRAM-SHA-512(-PLUS), I request you the addition and there is SCRAM-SHA3-512(-PLUS) in the same time.
SCRAM-SHA-512(-PLUS):
SCRAM-SHA3-512(-PLUS):
When these go to RFC, then it will be appropriate to add them, IMO. Right now these are just I-Ds, they may change before the final revision, or a weakness may be found, etc. These are simple enough that I don't think that's likely, but you never know and since the existing mechanisms are very strong it doesn't hurt to wait and make sure.
A lot of projects have already SCRAM-SHA-512: https://www.google.com/search?q=SCRAM-SHA-512
A list of search results doesn't mean that most mainstream clients and servers implement it (they don't). And even if they did, you're not getting a compatibility befit from it or anything else that would make it a good idea to rush this before the final version of the document is even out. What happens if you implement it now, and then changes are made, and then you're not compatible with the final RFC?
@ortuman: For your information, there was a SCRAM problem in Conversations:
@Neustradamus here's a list of all SCRAM methods supported since latest release:
@ortuman: Nice, thanks a lot! :)
Time to move into the organization?