thunderbird
SCRAM-SHA-1(-PLUS) + SCRAM-SHA-256(-PLUS) supports
Dear @k9mail team, @thunderbird team,
Can you add supports of :
- SCRAM-SHA-1
- SCRAM-SHA-1-PLUS
- SCRAM-SHA-256
- SCRAM-SHA-256-PLUS
- SCRAM-SHA-512
- SCRAM-SHA-512-PLUS
- SCRAM-SHA3-512
- SCRAM-SHA3-512-PLUS
You can add too:
- SCRAM-SHA-224
- SCRAM-SHA-224-PLUS
- SCRAM-SHA-384
- SCRAM-SHA-384-PLUS
"When using the SASL SCRAM mechanism, the SCRAM-SHA-256-PLUS variant SHOULD be preferred over the SCRAM-SHA-256 variant, and SHA-256 variants [RFC7677] SHOULD be preferred over SHA-1 variants [RFC5802]".
-
SCRAM-SHA-1(-PLUS): -- https://tools.ietf.org/html/rfc5802 -- https://tools.ietf.org/html/rfc6120
-
SCRAM-SHA-256(-PLUS): -- https://tools.ietf.org/html/rfc7677 since 2015-11-02 -- https://tools.ietf.org/html/rfc8600 since 2019-06-21: https://mailarchive.ietf.org/arch/msg/ietf-announce/suJMmeMhuAOmGn_PJYgX5Vm8lNA
-
SCRAM-SHA-512(-PLUS): -- https://tools.ietf.org/html/draft-melnikov-scram-sha-512
-
SCRAM-SHA3-512(-PLUS): -- https://tools.ietf.org/html/draft-melnikov-scram-sha3-512
-
SCRAM BIS: Salted Challenge Response Authentication Mechanism (SCRAM) SASL and GSS-API Mechanisms: -- https://tools.ietf.org/html/draft-melnikov-scram-bis
https://xmpp.org/extensions/inbox/hash-recommendations.html
-PLUS variants:
- RFC5056: On the Use of Channel Bindings to Secure Channels: https://tools.ietf.org/html/rfc5056
- RFC5929: Channel Bindings for TLS: https://tools.ietf.org/html/rfc5929
- Channel-Binding Types: https://www.iana.org/assignments/channel-binding-types/channel-binding-types.xhtml
- RFC 9266: Channel Bindings for TLS 1.3: https://tools.ietf.org/html/rfc9266
IMAP:
- RFC9051: Internet Message Access Protocol (IMAP) - Version 4rev2: https://tools.ietf.org/html/rfc9051
LDAP:
- RFC5803: Lightweight Directory Access Protocol (LDAP) Schema for Storing Salted: Challenge Response Authentication Mechanism (SCRAM) Secrets: https://tools.ietf.org/html/rfc5803
HTTP:
- RFC7804: Salted Challenge Response HTTP Authentication Mechanism: https://tools.ietf.org/html/rfc7804
2FA:
- Extensions to Salted Challenge Response (SCRAM) for 2 factor authentication: https://datatracker.ietf.org/doc/html/draft-ietf-kitten-scram-2fa
IANA:
- Simple Authentication and Security Layer (SASL) Mechanisms: https://www.iana.org/assignments/sasl-mechanisms/sasl-mechanisms.xhtml
Linked to:
- https://github.com/scram-xmpp/info/issues/1
- https://github.com/k9mail/k9mail.app/issues/207
Dear @k9mail team,
Happy New Year 2022!
Have you looked for SCRAM-SHA-* supports?
Thanks in advance.
Please don't spam the issue tracker. While this might be the single most important issue for you, it's certainly not for everyone.
When someone opens a pull request to implement this functionality, they will reference this issue and you'll be able to see it in the issue timeline. There's no need to ask for status reports.
@cketti: Thanks for your reply!
But it is a problem of SECURITY, currently it is unsecure to use K-9.
No, it's not. By default K-9 Mail uses transport encryption (SSL/TLS or STARTTLS). Using "normal password" authentication is fine when the transport channel is encrypted.
@cketti: I have added the last RFC in the description: RFC9051: Internet Message Access Protocol (IMAP) - Version 4rev2:
- https://tools.ietf.org/html/rfc9051
I wish you a good reading.
Dear @k9mail team, @thunderbird team,
I wish you a Happy New Year 2024!
Have you progressed on it?
It is linked to POP/IMAP/SMTP/JMAP for the security of all. I recall, SCRAM is a standard since 2010.
Thanks in advance.
Dear @thunderbird team, @k9mail team, @cketti,
After the comment on the other ticket, have you progressed on this missing SECURITY support? Have you looked the RFC9051 and others?
Note that the first RFC exists since 2010 (more 13 years and 6 months).
I can send an email to SECURITY team to explain the historical SECURITY problem.
Thanks in advance.