To make better use of the SCRAM-*-PLUS authentication mechanism, XEP-0440: SASL Channel-Binding Type Capability was created, which informs the client about the channel binding types supported by the server. Thanks to that, the client can decide which (if any) channel binding it should use (implemented by the server and the client).
Channel binding will later be useful for authentication using FAST mechanisms (The Hashed Token SASL Mechanism), which authenticate in 1-RTT instead of 2-RTT for SCRAMs. This will further improve connection establishment time.
Andrzej Wójcik (Tigase) commented 2 years ago
Feature is implemented in devel branch with support for SCRAM-*-PLUS. This feature is enabled by default.
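The selection step described in the issue text, as an added example that is not part of the original thread and not Tigase code: it reads the XEP-0440 advertisement, intersects it with the client's supported binding types, and derives the SCRAM mechanism and GS2 header per RFC 5802. The sample features stanza, the preference order and the function names are assumptions of this example.

```python
import base64
import xml.etree.ElementTree as ET

CB_NS = "urn:xmpp:sasl-cb:0"                      # XEP-0440 namespace
SASL_NS = "urn:ietf:params:xml:ns:xmpp-sasl"

# Constructed sample stream features (not captured from a real server).
FEATURES = """<features xmlns='http://etherx.jabber.org/streams'>
  <mechanisms xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>
    <mechanism>SCRAM-SHA-256-PLUS</mechanism>
    <mechanism>SCRAM-SHA-256</mechanism>
    <mechanism>PLAIN</mechanism>
  </mechanisms>
  <sasl-channel-binding xmlns='urn:xmpp:sasl-cb:0'>
    <channel-binding type='tls-server-end-point'/>
    <channel-binding type='tls-exporter'/>
  </sasl-channel-binding>
</features>"""

# Client-side binding types in preference order (assumed for this example).
CLIENT_CB = ["tls-exporter", "tls-unique", "tls-server-end-point"]

def choose(features_xml, client_cb=CLIENT_CB, hash_name="SHA-256"):
    """Return (mechanism, gs2_header) for the SCRAM client-first message."""
    root = ET.fromstring(features_xml)
    mechs = {m.text for m in root.iter(f"{{{SASL_NS}}}mechanism")}
    offered = {e.get("type") for e in root.iter(f"{{{CB_NS}}}channel-binding")}
    base = f"SCRAM-{hash_name}"
    plus = (base + "-PLUS") in mechs
    if plus:
        for cb in client_cb:
            if cb in offered:          # first type both sides implement
                return base + "-PLUS", f"p={cb},,"
    if base not in mechs:
        return None, None
    if client_cb and not plus:
        # 'y': client can bind but saw no -PLUS; lets the server detect a
        # stripped mechanism list (downgrade) and fail the authentication.
        return base, "y,,"
    # 'n': no binding. Also used when -PLUS is offered but no type matches,
    # because a server advertising -PLUS must reject 'y' (RFC 5802).
    # A stricter client could refuse to authenticate here instead.
    return base, "n,,"

def c_attribute(gs2_header, cb_data=b""):
    """SCRAM c= value: base64(gs2 header || channel-binding data)."""
    return base64.b64encode(gs2_header.encode() + cb_data).decode()
```

For a `p=` header, `cb_data` is the binding value taken from the TLS session for the chosen type; it is left empty for `n` and `y`.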