ietf-nntp Re: WG Review: Simple Authentication and Security Layer (sasl)
Charles Lindsey
chl at clw.cs.man.ac.uk
Fri Dec 13 04:36:57 PST 2002
In <3DF8FDDD.C4D7E35 at oceana.com> Ken Murchison <ken at oceana.com> writes:
>Charles Lindsey wrote:
>>
>> AFAIR, at the time we removed AUTHINFO from our draft (that was years
>> ago), it was because we were told that the IETF would no longer
>> countenance any new standards that allowed (let alone required) the
>> sending of passwords in plain text. I has always assumed that this was the
>> issue on which Chris was supposed to be working.
>It is my understanding that plaintext mechs are allowed as long as they
>can be protected by some external layer (eg, TLS). The updated IMAP
>draft has language to this effect and has passed an initial IESG
>review. That being said, other members of ietf-imapext and ietf-sasl
>are more qualfied to address this issue.
Please explain to me what TLS is. Whatever, I don't think it is
customarily used with NNTP.
--
Charles H. Lindsey ---------At Home, doing my own thing------------------------
Tel: +44 161 436 6131 Fax: +44 161 436 6133 Web: http://www.cs.man.ac.uk/~chl
Email: chl at clw.cs.man.ac.uk Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K.
PGP: 2C15F1A9 Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5
More information about the ietf-nntp
mailing list