Darran Lofthouse updated ELY-183:
---------------------------------
Fix Version/s: 1.2.0.Beta1 (was: 1.1.0.Final)
Protocols for password changing
-------------------------------
Key: ELY-183
URL: https://issues.jboss.org/browse/ELY-183
Project: WildFly Elytron
Issue Type: Enhancement
Components: API / SPI
Reporter: Darran Lofthouse
Fix For: 1.2.0.Beta1

Potentially this is a bit of a research task. As I have mentioned in a couple of places, I
don't like relying on SSL exclusively for confidentiality - my reasons being it is
perfect until there is a compromise and then it is as useful as a chocolate teapot ;-)

A lot of the emphasis in the Elytron development so far has been implementation of the
more secure SASL mechanisms to eliminate weak password exchanges between a client and the
server - however we still have the need for passwords to be set remotely; this task is to
explore some of those options.

Are there any existing protocols to remotely set a password securely?
Is there anything specific to our current password types we can take advantage of?
Are there features of any of our SASL mechanisms to apply a second layer of
confidentiality?
Any other options?