ietf-nntp Re: WG Review: Simple Authentication and Security Layer (sasl)
Andrew Gierth
andrew at erlenstar.demon.co.uk
Fri Dec 20 02:47:58 PST 2002
>>>>> "Rob" == Rob Siemborski <rjs3 at andrew.cmu.edu> writes:
Rob> Then the mandatory to implement mechanism could be something
Rob> more akin to CRAM-MD5. It's just there to ensure baseline
Rob> interoperability.
The mandatory-to-implement mechanism should be one that is actually
useful in the real world, which rules out all the digest-based systems.
This isn't just an issue for outsource providers, it also affects the
ease of deployment of password auth _within_ an ISP, which is
increasingly becoming desirable (replacing pure IP-based auth) simply
because of the open proxy problem. Using a digest-based auth mechanism
requires that the ISP keep a whole new copy of their password file on
the news server, rather than being able to simply make the news server
do RADIUS (or whatever) queries against existing authentication systems.
--
Andrew.
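
The deployment point made in the message above, as an added example that is not part of the original post: a plaintext mechanism can be relayed to an existing yes/no authentication service, while CRAM-MD5 (RFC 2195) can only be verified by a server that holds the password or an equivalent key. The Backend class, function names, account and challenge are constructed for illustration, with Backend standing in for RADIUS or a similar service.

```python
import hashlib
import hmac
import os


class Backend:
    """Constructed stand-in for an existing auth service (RADIUS or whatever):
    it keeps only salted hashes and answers yes/no to a user/password pair."""

    def __init__(self):
        self._db = {}

    def add_user(self, user, password):
        salt = os.urandom(16)
        digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10000)
        self._db[user] = (salt, digest)

    def check(self, user, password):
        if user not in self._db:
            return False
        salt, stored = self._db[user]
        candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10000)
        return hmac.compare_digest(stored, candidate)


def cram_md5_response(password, challenge):
    """Client side of CRAM-MD5: hex HMAC-MD5 of the challenge, keyed by the password."""
    return hmac.new(password.encode(), challenge, hashlib.md5).hexdigest()


def verify_plain(backend, user, password):
    """Plaintext mechanism: the news server relays the credentials to the back end."""
    return backend.check(user, password)


def verify_cram_md5(local_secrets, user, challenge, response):
    """Digest mechanism: the server recomputes the HMAC, so it needs its own
    copy of the password (or a password-equivalent key) for every user."""
    secret = local_secrets.get(user)
    if secret is None:
        return False  # the back end never receives a password it could check
    return hmac.compare_digest(cram_md5_response(secret, challenge), response)


def demo():
    backend = Backend()
    backend.add_user("alice", "s3cret")            # constructed sample account
    challenge = b"<1896.697170952@news.example>"   # constructed challenge
    response = cram_md5_response("s3cret", challenge)
    return (verify_plain(backend, "alice", "s3cret"),
            verify_cram_md5({}, "alice", challenge, response),
            verify_cram_md5({"alice": "s3cret"}, "alice", challenge, response))
```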