ietf-nntp Re: WG Review: Simple Authentication and Security Layer (sasl)

Jeffrey M. Vinocur jeff at litech.org
Fri Dec 20 08:35:20 PST 2002


On Fri, 20 Dec 2002, Ken Murchison wrote:

> Charles Lindsey wrote:
> > 
> > In <3DFF6C72.AD6824E5 at oceana.com> Ken Murchison <ken at oceana.com> writes:
> > 
> > >I agree that a SASL mech which encrypts only the plaintext password is
> > >desirable.
> > 
> > Then someone needs to sit down and define one.
> 
> Since the only such complaints that I've heard from any working
> group/mailing list that I participate in (in the last 3 years) is from
> this group, I would suggest that the someone will have to be from this
> group.

It would be better if someone who knows about encryption and such things
(i.e., someone from the SASL community) could do this, to be sure it 
happens properly.

It would be interesting to find out why the previous attempt didn't make
it past draft stage, though.  If that protocol (I haven't read it) is 
fundamentally sound, and just needs to be polished off to make it to RFC 
stage, then I guess I can take responsibility for that too.


-- 
Jeffrey M. Vinocur
jeff at litech.org




More information about the ietf-nntp mailing list