From b4fbcf27d71f92d261b090d8514b45861d7bb382 Mon Sep 17 00:00:00 2001 From: Simon Ser Date: Fri, 24 Mar 2023 10:34:09 +0100 Subject: [PATCH] sasl-3.1: recommend against logging AUTHENTICATE arguments --- extensions/sasl-3.1.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/extensions/sasl-3.1.md b/extensions/sasl-3.1.md index 73360b527..dc80adf4e 100644 --- a/extensions/sasl-3.1.md +++ b/extensions/sasl-3.1.md @@ -40,7 +40,11 @@ aborted. Clients SHOULD be prepared for timeouts at all times during the SASL authentication. There are two forms of the AUTHENTICATE command: initial client message and -later messages. +later messages. Since there is no way besides ordering to make the difference +between these two forms, servers SHOULD avoid logging or formatting error +messages with the arguments of the AUTHENTICATE command to prevent secrets from +being leaked (e.g. in case a client doesn't wait for the server's initial empty +challenge before sending credentials). The initial client message specifies the SASL mechanism to be used. (When this is received, the IRCD will attempt to establish an association with a SASL