
Re: Comments about draft-ietf-ldapbis-authmeth-05.txt



Ramsay, Ron wrote:

But, but, but ....

They are being used in an LDAP context!

I agree.

If Digest-MD5 has to be 'localised' to LDAP, it should be done. If it can't be done, let's choose something like CRAM-MD5 for the mandatory-to-implement authentication method.

CRAM-MD5 will not be better than DIGEST-MD5 in this respect, and considering the lack of security of the former, this is a non-starter.

I don't believe that DIGEST-MD5 says anything that would prevent using DNs with it.

Ron

-----Original Message-----
From: Kurt D. Zeilenga [mailto:Kurt@OpenLDAP.org]
Sent: Thursday, 14 August 2003 00:23
To: Alexey Melnikov
Cc: Ramsay, Ron; LDAPBis WG
Subject: Re: Comments about draft-ietf-ldapbis-authmeth-05.txt


At 06:14 AM 8/13/2003, Alexey Melnikov wrote:


I suggest that some text about the issue should be included in draft-ietf-ldapbis-authmeth.



If authmeth says anything about DNs and DIGEST-MD5, it should say that the DIGEST-MD5 username and realm fields are, per the DIGEST-MD5 TS, syntactically and semantically not DNs. They are syntactically and semantically simple usernames and realms, respectively.



Alexey