ietf-nntp Re: WG Review: Simple Authentication and Security Layer (sasl)

Charles Lindsey chl at clw.cs.man.ac.uk
Thu Dec 19 11:29:03 PST 2002


In <3DFF6C72.AD6824E5 at oceana.com> Ken Murchison <ken at oceana.com> writes:

>I agree that a SASL mech which encrypts only the plaintext password is
>desirable.

Then someone needs to sit down and define one. To break Russ' circle.

>  The biggest problem that I can see with this is getting
>client vendors to implement it.  I would assume that it would be much
>easier for them to implement USER/PASS and/or PLAIN along with SSL/TLS
>based on the simplicity of the authentication and the availability of
>SSL/TLS code.  I'm not up to speed on all of the various NNTP clients,
>but I would assume that a few already have support for USER/PASS over
>SSL (port 563).

>As Jeff said, none of this should impede the progress of AUTHINFO SASL
>and STARTTLS moving forward.

No, AUTHINFO SASL is not implemented in typical NNTP servers yet, so
implementors are going to have to do some work. If we define the necessary
SASL encrypted password at the same time, then they will just implement it
as part of the package. If we try to add it later they won't bother ("why
didn't you tell me that was needed the first time round?").


-- 
Charles H. Lindsey ---------At Home, doing my own thing------------------------
Tel: +44 161 436 6131 Fax: +44 161 436 6133   Web: http://www.cs.man.ac.uk/~chl
Email: chl at clw.cs.man.ac.uk      Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K.
PGP: 2C15F1A9      Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5


