ietf-nntp Re: WG Review: Simple Authentication and Security Layer (sasl)

Rob Siemborski rjs3 at andrew.cmu.edu
Fri Dec 20 09:36:22 PST 2002


On Fri, 20 Dec 2002, Jeffrey M. Vinocur wrote:

> It may be lack of publicity about available libraries, or difficulty
> calling the library from their application, or inappropriate licensing of
> the library, or any number of other things.  I don't claim to have any
> idea what the reason is.  But if Larry's statement is accurate, something
> is *broken* and needs to be pursued in whatever fashion is appropriate.

This is an implementation issue that has nothing to do with the
protocol-level standardization of AUTHINFO SASL.  The presence or lack of
a library to actually implement the mechanisms is orthogonal to obtaining
consensus on how AUTHINFO SASL should look on the wire.

This is just like saying TLS is broken because not everybody uses OpenSSL
to implement it.

> Mmm, I think Andrew's assessment of the needs of the NNTP community is
> more accurate than you realize.  For example, the RADIUS authenticator
> that comes with INN is only marginally younger than the implementation of
> pluggable authentication itself, and judging by the periodic patches we
> receive, it's definitely being used in a fair number of different places.

This is also an implementation issue that shouldn't hold up the
standardization of AUTHINFO SASL.  The only reason for this to hold it up
is if for some reason the group feels that NNTP has some special
requirements that require a new SASL mechanism to be developed as the
mandatory-to-implement mechanism.  I don't think there is a very strong
argument against using TLS/PLAIN for this purpose (given that this WG
seems to be insistent that the servers receive copies of the plaintext
passwords, and keeping in mind that you are free to implement whatever
other SASL mechanisms you want).

-Rob

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Rob Siemborski | Andrew Systems Group * Research Systems Programmer
PGP:0x5CE32FCC | Cyert Hall 207 * rjs3 at andrew.cmu.edu * 412.268.7456
-----BEGIN GEEK CODE BLOCK----
Version: 3.12
GCS/IT/CM/PA d- s+: a-- C++++$ ULS++++$ P+++$ L+++(++++) E W+ N o? K-
w O- M-- V-- PS+ PE++ Y+ PGP+ t+@ 5+++ R@ tv-@ b+ DI+++ G e h r- y?
------END GEEK CODE BLOCK-----



