[NNTP] Re: Comments on draft-ietf-nntp-tls-nntp-05.txt
Ken Murchison
ken at oceana.com
Tue May 24 12:14:54 PDT 2005
Russ Allbery wrote:
> EKR <ekr at networkresonance.com> writes:
>
>
>>Sure, but now we're into the "is this a worthwhile optimization" phase.
>
>
> Right, understood. I do agree that that's a question to ponder.
>
>
>>There's a substantial complexity cost to having SSL/TLS implementations
>>rehandshake. If you just wanted to do NULL all the time, I'd have no
>>real argument with that. It's the desire to negotiate RC4 (or whatever)
>>and then back down to NULL that I think needs to be supported with
>>measurements.
>
>
> That makes sense. I don't think that down-negotiation is the approach
> that anyone really wants; what we want is widespread deployment of a SASL
> mechanism that encrypts the password but still sends it. Unfortunately,
> widespread deployment of any new SASL mechanism takes a long time (for
> good reasons). However, widespread deployment of TLS down-negotiation is
> probably also not likely to happen quickly, so maybe that doesn't actually
> help.

Unless someone vigorously objects, I think I'm going to remove any
mention of down-negotiation from the draft. I will be drafting an
update to the expired PASSDSS SASL mech soon, which would hopefully be
the best alternative to TLS+PLAIN.
--
Kenneth Murchison Oceana Matrix Ltd.
Software Engineer 21 Princeton Place
716-662-8973 x26 Orchard Park, NY 14127
--PGP Public Key-- http://www.oceana.com/~ken/ksm.pgp