ietf-nntp Re: WG Review: Simple Authentication and Security Layer (sasl)

Charles Lindsey chl at clw.cs.man.ac.uk
Thu Dec 12 07:24:12 PST 2002


In <3DF779C6.B10F31B5 at oceana.com> Ken Murchison <ken at oceana.com> writes:

>Just to clarify, this isn't a problem with SASL.  The problem is with
>Andrew's requirements and the lack of a documented/implemented SASL
>mechanism which satisfies those requirements.  SASL itself is not the
>cause of the problem any more than AUTHINFO USER/PASS is.

Then I think someone needs to be devising a SASL mechanism other than PLAIN.


>No.  The only one close is the one that Jeff noted:
>http://www.alternic.org/drafts/drafts-n-o/draft-newman-sasl-passdss-01.txt

>If Jeff is still working with Chris on the NNTP security draft, maybe he
>can ask him why this mechanism never moved forward.  My guess is because
>of the presence of PLAIN and STARTTLS.

AFAIR, at the time we removed AUTHINFO from our draft (that was years
ago), it was because we were told that the IETF would no longer
countenance any new standards that allowed (let alone required) the
sending of passwords in plain text. I had always assumed that this was the
issue on which Chris was supposed to be working.

-- 
Charles H. Lindsey ---------At Home, doing my own thing------------------------
Tel: +44 161 436 6131 Fax: +44 161 436 6133   Web: http://www.cs.man.ac.uk/~chl
Email: chl at clw.cs.man.ac.uk      Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K.
PGP: 2C15F1A9      Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5


