ietf-nntp Section 11.5 - NEWNEWS
Charles Lindsey
chl at clw.cs.man.ac.uk
Tue Jul 25 02:19:20 PDT 2000
In <87lmyr2ejv.fsf at erlenstar.demon.co.uk> Andrew Gierth <andrew at erlenstar.demon.co.uk> writes:
> 2) the auth draft specified that SASL and the DIGEST-MD5 scheme were
> MUST requirements of any implementation using auth. While the
> desire to avoid plaintext passwords is all well and good, I for
> one cannot implement any scheme in which the user-entered
> password is not recoverable in plaintext at the server end (I
> have seen no SASL scheme that allows this, though it is
> theoretically possible using public-key encryption).
Why not? The CHAP protocol in PPP works fine without the user-entered
password being recovered at the server (yes, the server needs to know it,
or some hash of it, at the time the user registers for service).
--
Charles H. Lindsey ---------At Home, doing my own thing------------------------
Email: chl at clw.cs.man.ac.uk Web: http://www.cs.man.ac.uk/~chl
Voice/Fax: +44 161 437 4506 Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K.
PGP: 2C15F1A9 Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5
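
The exchange described in the reply above, as an added example that is not part of the original message: a CHAP-style challenge-response (response computed as in RFC 1994) where the server keeps only a hash of the password. The SHA-256 stored hash and the names `stored_verifier`, `client_answer` and `Server` are assumptions made for illustration.

```python
import hashlib
import hmac
import os

def stored_verifier(password: str) -> bytes:
    # Assumption: the server keeps SHA-256(password) from registration time,
    # so the user-entered password itself is never held at the server.
    return hashlib.sha256(password.encode("utf-8")).digest()

def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    # RFC 1994: Response = MD5(Identifier || secret || Challenge).
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()

def client_answer(password: str, identifier: int, challenge: bytes) -> bytes:
    # The client derives the same hash from what the user typed, then answers.
    return chap_response(identifier, stored_verifier(password), challenge)

class Server:  # hypothetical in-memory server, for illustration only
    def __init__(self):
        self.verifiers = {}   # user -> hash stored at registration
        self.pending = {}     # user -> (identifier, challenge) awaiting a reply

    def register(self, user: str, password: str) -> None:
        self.verifiers[user] = stored_verifier(password)

    def challenge(self, user: str):
        ident, chal = os.urandom(1)[0], os.urandom(16)  # fresh per attempt
        self.pending[user] = (ident, chal)
        return ident, chal

    def verify(self, user: str, response: bytes) -> bool:
        issued = self.pending.pop(user, None)  # one-shot: blocks replay
        if issued is None or user not in self.verifiers:
            return False
        expected = chap_response(issued[0], self.verifiers[user], issued[1])
        return hmac.compare_digest(expected, response)

if __name__ == "__main__":
    srv = Server()
    srv.register("alice", "constructed-sample-password")
    ident, chal = srv.challenge("alice")
    print(srv.verify("alice", client_answer("constructed-sample-password", ident, chal)))
```

In this construction the stored hash alone is enough to answer a challenge, so the server's verifier table needs the same protection as a plaintext password file.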