ietf-nntp Re: WG Review: Simple Authentication and Security Layer (sasl)

Charles Lindsey chl at clw.cs.man.ac.uk
Mon Dec 23 08:24:01 PST 2002


In <3E033112.5974D774 at oceana.com> Ken Murchison <ken at oceana.com> writes:

>Maybe its just me, but you seem to be projecting your particular
>implementation and its pros/cons on the entire community.  I'm sure that
>there are plenty of ISPs that can successfully provide secure
>authentication without the *NEED* for a DSS-type mechanism.  As I've
>stated before, I can definitely see a fit for such a mechanism, but you
>make it sound like nothing can be done without it.

Yes indeed so. Currently, they ALL authenticate their customers regularly
using AUTHINFO with plaintext passwords. It works fine.

The trouble is that the protocol is not written down anywhere, and we are
not permitted to write it down because the IETF won't let us :-( .

-- 
Charles H. Lindsey ---------At Home, doing my own thing------------------------
Tel: +44 161 436 6131 Fax: +44 161 436 6133   Web: http://www.cs.man.ac.uk/~chl
Email: chl at clw.cs.man.ac.uk      Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K.
PGP: 2C15F1A9      Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5



More information about the ietf-nntp mailing list