ietf-nntp Re: WG Review: Simple Authentication and SecurityLayer
(sasl)
Ken Murchison
ken at oceana.com
Fri Dec 20 08:52:38 PST 2002
"Jeffrey M. Vinocur" wrote:
>
> On Fri, 20 Dec 2002, Ken Murchison wrote:
>
> > Charles Lindsey wrote:
> > >
> > > In <3DFF6C72.AD6824E5 at oceana.com> Ken Murchison <ken at oceana.com> writes:
> > >
> > > >I agree that a SASL mech which encrypts only the plaintext password is
> > > >desirable.
> > >
> > > Then someone needs to sit down and define one.
> >
> > Since the only such complaints that I've heard from any working
> > group/mailing list that I participate in (in the last 3 years) is from
> > this group, I would suggest that the someone will have to be from this
> > group.
>
> It would be better if someone who knows about encryption and such things
> (i.e., someone from the SASL community) could do this, to be sure it
> happens properly.
>
> It would be interesting to find out why the previous attempt didn't make
> it past draft stage, though. If that protocol (I haven't read it) is
> fundamentally sound, and just needs to be polished off to make it to RFC
> stage, then I guess I can take responsibility for that too.
You should probably ask Chris why it died. My guess is because of
TLS/PLAIN.
--
Kenneth Murchison Oceana Matrix Ltd.
Software Engineer 21 Princeton Place
716-662-8973 x26 Orchard Park, NY 14127
--PGP Public Key-- http://www.oceana.com/~ken/ksm.pgp
More information about the ietf-nntp
mailing list