ietf-nntp Re: WG Review: Simple Authentication and Security Layer (sasl)
Ken Murchison
ken at oceana.com
Fri Dec 20 07:02:42 PST 2002
Andrew Gierth wrote:
>
> >>>>> "Rob" == Rob Siemborski <rjs3 at andrew.cmu.edu> writes:
>
> Rob> Then the mandatory to implement mechanism could be something
> Rob> more akin to CRAM-MD5. It's just there to ensure baseline
> Rob> interoperability.
>
> The mandatory-to-implement mechanism should be one that is actually
> useful in the real world, which rules out all the digest-based systems.
>
> This isn't just an issue for outsource providers, it also affects the
> ease of deployment of password auth _within_ an ISP, which is
> increasingly becoming desirable (replacing pure IP-based auth) simply
> because of the open proxy problem. Using a digest-based auth mechanism
> requires that the ISP keep a whole new copy of their password file on
> the news server, rather than being able to simply make the news server
> do RADIUS (or whatever) queries against existing authentication systems.

Maybe it's just me, but you seem to be projecting your particular
implementation and its pros/cons on the entire community. I'm sure that
there are plenty of ISPs that can successfully provide secure
authentication without the *NEED* for a DSS-type mechanism. As I've
stated before, I can definitely see a fit for such a mechanism, but you
make it sound like nothing can be done without it.
--
Kenneth Murchison Oceana Matrix Ltd.
Software Engineer 21 Princeton Place
716-662-8973 x26 Orchard Park, NY 14127
--PGP Public Key-- http://www.oceana.com/~ken/ksm.pgp
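
Added example, not part of the original thread: a minimal sketch of the deployment point quoted above, that a CRAM-MD5 (RFC 2195) server must recompute an HMAC keyed with the password, so a store holding only one-way hashes can check a plaintext-style submission but not a digest response. The user name, password, challenge string and PBKDF2-based store are constructed assumptions.

```python
import hashlib
import hmac
import os

def cram_md5_response(user: str, password: str, challenge: bytes) -> str:
    """Client side (RFC 2195): user, space, hex HMAC-MD5 keyed with the password."""
    digest = hmac.new(password.encode(), challenge, hashlib.md5).hexdigest()
    return f"{user} {digest}"

def verify_cram_md5(secrets: dict, challenge: bytes, response: str) -> bool:
    """Server side: recomputing the digest needs the shared secret itself."""
    user, _, digest = response.rpartition(" ")
    secret = secrets.get(user)
    if secret is None:
        return False
    expected = hmac.new(secret.encode(), challenge, hashlib.md5).hexdigest()
    return hmac.compare_digest(expected.encode(), digest.encode())

def hash_password(password: str, salt: bytes) -> bytes:
    """One-way verifier, standing in for what an existing auth back end stores."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def verify_plaintext(hashed: dict, user: str, password: str) -> bool:
    """Plaintext-style check (password sent by the client): works on the hashed store."""
    entry = hashed.get(user)
    if entry is None:
        return False
    salt, stored = entry
    return hmac.compare_digest(hash_password(password, salt), stored)

def demo() -> dict:
    # Constructed sample data, not taken from the thread.
    challenge = b"<1896.697170952@news.example.net>"
    salt = os.urandom(16)
    plaintext_store = {"alice": "s3cret-pass"}
    hashed_store = {"alice": (salt, hash_password("s3cret-pass", salt))}
    response = cram_md5_response("alice", "s3cret-pass", challenge)
    # Best a hash-only server can do: key the HMAC with the stored hash. It will not match.
    hash_as_key = {u: h.hex() for u, (_, h) in hashed_store.items()}
    return {
        "cram_with_plaintext_store": verify_cram_md5(plaintext_store, challenge, response),
        "cram_with_hashed_store": verify_cram_md5(hash_as_key, challenge, response),
        "plaintext_with_hashed_store": verify_plaintext(hashed_store, "alice", "s3cret-pass"),
    }

if __name__ == "__main__":
    print(demo())
```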