
Re: DIGEST-MD5: conflict between RFC 2829 and RFC 2831



Steve:

As Kurt mentioned, both RFCs 2829 and 2831 are in the process of being
rewritten to move to Draft Standard status (if possible) and discussion is
happening on the ietf-ldapbis list.  The content of RFC 2829 in particular
will be reorganized for clarity, including the bind/sasl language
currently in RFC 2251.  This bug (thanks for the catch, Steve, and you
too, Larry) is an excellent example of why it is A Bad Thing to restate
specifics of SASL mechanisms in application-protocol SASL profiles, so we
should avoid making this mistake again as we rewrite.

 - RL "Bob"

---

> Since I've just started following these lists, I'm not clear on how to
> get this resolved; I'm certainly willing to help.  A possible re-wording
> is:
>
>
> RFC 2831
>   ...
>   The server receives and validates the "digest-response". The server
>   checks that the nonce-count is "00000001". It sends a message
>   formatted as follows:
>
>   ...(description of rspauth)...
>
>   If the server supports subsequent authentication (see section 2.2), it
>   saves the value of the nonce and the nonce-count.
>   ...
>
> RFC 2829
>    ...
>    The server will respond with a bind response in which the resultCode
>    is either success, or an error indication.  If the authentication is
>    successful, then the credentials field contains the string defined
>    by "response-auth" in section 2.1.3 of [4].  Support for subsequent
>    authentication is OPTIONAL in clients and servers.
>    ...
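For readers following the quoted RFC 2831 wording, here is a Python sketch of the server-side steps it describes (validate the digest-response, require nonce-count "00000001", then answer with rspauth); this is added for this archive page and is not code from either RFC or from the working group. It assumes qop=auth only, and the sample usernames, nonces and digest-uri are constructed placeholders; DIGEST-MD5 itself has since been moved to Historic status, so the point here is the check, not the mechanism.

```python
import hashlib
import hmac  # only for constant-time comparison of the hex strings

def _h(data: bytes) -> bytes:
    """H() from RFC 2831: the raw 16-octet MD5 digest."""
    return hashlib.md5(data).digest()

def _hex_h_a1(username, realm, password, nonce, cnonce):
    """HEX(H(A1)): H(user:realm:pass) is used as raw octets, then ':' nonce ':' cnonce."""
    a1 = _h(f"{username}:{realm}:{password}".encode()) + f":{nonce}:{cnonce}".encode()
    return _h(a1).hex()

def _digest(hex_h_a1, nonce, nc, cnonce, qop, a2):
    """HEX(KD(HEX(H(A1)), nonce:nc:cnonce:qop:HEX(H(A2)))), the RFC 2831 formula."""
    data = f"{nonce}:{nc}:{cnonce}:{qop}:{_h(a2.encode()).hex()}"
    return _h(f"{hex_h_a1}:{data}".encode()).hex()

def client_response(username, realm, password, nonce, nc, cnonce, digest_uri):
    """Client 'response' directive: A2 carries the AUTHENTICATE: prefix."""
    ha1 = _hex_h_a1(username, realm, password, nonce, cnonce)
    return _digest(ha1, nonce, nc, cnonce, "auth", f"AUTHENTICATE:{digest_uri}")

def server_finish(resp, password, issued_nonce):
    """Server steps from the quoted RFC 2831 text; returns rspauth, or None to fail the bind."""
    if resp["nonce"] != issued_nonce:   # must echo the nonce this server issued
        return None
    if resp["nc"] != "00000001":        # initial authentication: nonce-count must be 1
        return None
    if resp.get("qop", "auth") != "auth":  # this example implements qop=auth only
        return None
    ha1 = _hex_h_a1(resp["username"], resp["realm"], password, resp["nonce"], resp["cnonce"])
    expected = _digest(ha1, resp["nonce"], resp["nc"], resp["cnonce"], "auth",
                       f"AUTHENTICATE:{resp['digest-uri']}")
    if not hmac.compare_digest(expected, resp["response"]):
        return None
    # response-auth (rspauth): same formula, but A2 = ":" digest-uri with no AUTHENTICATE: prefix
    return _digest(ha1, resp["nonce"], resp["nc"], resp["cnonce"], "auth", f":{resp['digest-uri']}")

# Constructed sample values (hypothetical, not from the thread or either RFC).
PASSWORD = "secret"
SAMPLE = {"username": "chris", "realm": "example.com", "nonce": "srv-nonce-1234",
          "nc": "00000001", "cnonce": "cli-nonce-5678",
          "digest-uri": "ldap/ldap.example.com", "qop": "auth"}
SAMPLE["response"] = client_response("chris", "example.com", PASSWORD, SAMPLE["nonce"],
                                     "00000001", SAMPLE["cnonce"], SAMPLE["digest-uri"])

if __name__ == "__main__":
    print("rspauth =", server_finish(SAMPLE, PASSWORD, "srv-nonce-1234"))
```

The rspauth value differs from the client's response only because A2 drops the "AUTHENTICATE:" prefix, which is exactly the detail RFC 2829 should reference rather than restate.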