sasl: spec recommendations breaks single roundtrip connection registration

[emersion]

Clients want to minimize the number of roundtrips used to connect to an IRC server, especially on flaky connections such as mobile phones/hotspots. To this end, some clients (including gamja, goguma) send multiple commands in a single burst without waiting for the server reply.

The following commands are sent in a single burst:

AUTHENTICATE PLAIN
AUTHENTICATE <base64>
CAP END

The spec says:

If the client completes registration (with CAP END, NICK, USER and any other necessary messages) while the SASL authentication is still in progress, the server SHOULD abort it and send a 906 numeric, then register the client without authentication.

Ref inspircd/inspircd#2086

[grawity]

A few years ago I wanted to specify an equivalent of IMAP's SASL-IR cap, which allows a single AUTHENTICATE <mech> <1st-response> command, but was shot down because "nobody would ever need that".

[emersion]

Ah, seems like you've had the same idea as #520. While this helps a bit, it still wouldn't prevent the server from processing the CAP END before the single AUTHENTICATE command completes.

[slingamn]

I was not aware of this recommendation and would support deleting it.

[SadieCat]

I'd support weakening the SHOULD to a MAY for clients using sasl-3.2 which would keep compatibility for clients that expect sasl-3.1 behaviour.