ietf-nntp Re: WG Review: Simple Authentication and SecurityLayer
(sasl)
Jeffrey M. Vinocur
jeff at litech.org
Fri Dec 20 08:39:53 PST 2002
On Fri, 20 Dec 2002, Ken Murchison wrote:
> "Jeffrey M. Vinocur" wrote:
> >
> > > Lawrence Greenfield <leg+ at andrew.cmu.edu> writes:
> > >
> > > > many many clients out there that implement SASL (one or more SASL
> > > > mechanisms) without using our library.
> >
> > [...]
> >
> > And is it just me, or isn't the entire point of SASL that the client and
> > server authors only have to implement the profile, and then they get any
> > future mechanisms for free? If this isn't what actually happens in the
> > real world, then it says to me that something needs to be fixed.
>
> With a good implementation such as Cyrus SASL, you DO get any new
> mechanisms for free. I can add/subtract mechanisms from my Cyrus
> IMAP/NNTP/POP3/LMTP server all day long without recompiling.
My comment was in reference to the comment from Larry which I have
retained above. I don't know what the problem is, but there has to be
*some* reason that programmers are reimplementing things themselves.
It may be lack of publicity about available libraries, or difficulty
calling the library from their application, or inappropriate licensing of
the library, or any number of other things. I don't claim to have any
idea what the reason is. But if Larry's statement is accurate, something
is *broken* and needs to be pursued in whatever fashion is appropriate.
--
Jeffrey M. Vinocur
jeff at litech.org
More information about the ietf-nntp
mailing list