ietf-nntp Re: WG Review: Simple Authentication and Security
Layer (sasl)
Jeffrey M. Vinocur
jeff at litech.org
Fri Dec 20 08:35:20 PST 2002
On Fri, 20 Dec 2002, Ken Murchison wrote:
> Charles Lindsey wrote:
> >
> > In <3DFF6C72.AD6824E5 at oceana.com> Ken Murchison <ken at oceana.com> writes:
> >
> > >I agree that a SASL mech which encrypts only the plaintext password is
> > >desirable.
> >
> > Then someone needs to sit down and define one.
>
> Since the only such complaints that I've heard from any working
> group/mailing list that I participate in (in the last 3 years) is from
> this group, I would suggest that the someone will have to be from this
> group.
It would be better if someone who knows about encryption and such things
(i.e., someone from the SASL community) could do this, to be sure it
happens properly.
It would be interesting to find out why the previous attempt didn't make
it past draft stage, though. If that protocol (I haven't read it) is
fundamentally sound, and just needs to be polished off to make it to RFC
stage, then I guess I can take responsibility for that too.
--
Jeffrey M. Vinocur
jeff at litech.org
More information about the ietf-nntp
mailing list