ietf-nntp Re: WG Review: Simple Authentication and Security Layer (sasl)
Jeffrey M. Vinocur
jeff at litech.org
Mon Dec 9 11:36:28 PST 2002

On Mon, 9 Dec 2002, Ken Murchison wrote:

> Unless I don't fully understand your problem, I don't see what this has
> to do with SASL. SASL and the associated mechs describe a standardized
> over-the-wire format, not how the user is actually authenticated.

I think what Andrew is looking for is something like:

    DSS Secured Password Authentication Mechanism, C. Newman, 3/1998

    Some system administrators are faced with a choice between deploying a
    new authentication infrastructure or sending unencrypted passwords in
    the clear over the Internet. Deploying a new authentication
    infrastructure often involves modifying operating system services or
    keeping parallel authentication databases up to date and is thus
    unacceptable to many administrators.

    Solutions which encrypt the entire session are often crippled with
    weak keys (due to government restrictions) which are unsuitable for
    passwords. In addition, such solutions often reduce performance of
    the entire session to an unacceptable level. This specification
    defines a SASL [SASL] mechanism which is compatible with existing
    password-based authentication databases and does not require a
    security layer for the remainder of the session.

I haven't seen anything recently on this front, although I'm definitely
way out of the loop on SASL stuff.
--
Jeffrey M. Vinocur
jeff at litech.org