New BrowserID mechanism

Luke Howard lukeh at
Fri Mar 29 23:34:47 EDT 2013

There was some discussion back in 2011 (not that I subscribed to this list back then) about a SASL BrowserID mechanism.

We have a new GSS mechanism supporting BrowserID (aka Persona) that works with the GS2 bridge in Cyrus SASL.

You may download the code here:

And read the protocol specification here:

Note that unlike the Mozilla BrowserID SASL mechanism, this mechanism supports channel binding, replay detection, fast re-authentication, mutual authentication and interactive credentials acquisition (you don't need to cut and paste an assertion in).

(It also supports message protection services, but this irrelevant when used with GS2.)

-- Luke

Luke Howard / lukeh at /
-------------- next part --------------
An HTML attachment was scrubbed...

More information about the Cyrus-devel mailing list