[ietf-nntp] I-D ACTION:draft-ietf-nntpext-authinfo-00.txt
Ken Murchison
ken at oceana.com
Sun May 16 13:01:15 PDT 2004
Andrew - Supernews wrote:
>>>>>>"Charles" == Charles Lindsey <chl at clerew.man.ac.uk> writes:
>
>
> Charles> c) Therefore, it MUST provide at least the DIGEST-MD5 SASL
> Charles> method so that its clients have _something_ to migrate to.
>
> What part of "this isn't going to happen" isn't getting through here?
Like Russ has said, this is an open framework, so any current or future
SASL mechanism will work. If you have the need for a SASL mechanism
which allows the plaintext password to be recovered, feel free to define
one, or resurrect Newman's PASS-DSS or Hansen's PKI drafts.
That being said, DIGEST-MD5 and TLS+PLAIN are only mandatory to
implement, NOT mandatory to use. They are mandatory to implement so
that we can guarantee that any two compliant client/server can be
configured to interoperate. Based on past experience, the IETF will
insist on having a mandatory to implement non-plaintext authentication
scheme for interoperability.
--
Kenneth Murchison Oceana Matrix Ltd.
Software Engineer 21 Princeton Place
716-662-8973 x26 Orchard Park, NY 14127
--PGP Public Key-- http://www.oceana.com/~ken/ksm.pgp
More information about the ietf-nntp
mailing list