[Date Prev][Date Next]
Re: Comments about draft-ietf-ldapbis-authmeth-05.txt
Ramsay, Ron wrote:
But, but, but ....
They are being used in an LDAP context!
CRAM-MD5 will not be better than DIGEST-MD5 in this respect, and
considering lack of security of the former this is a non-starter.
If Digest-MD5 has to be 'localised' to LDAP, it should be done. If it can't be done, let's choose something like CRAM-MD5 for the mandatory-to-implement authentication method.
I don't believe that DIGEST-MD5 says anything that would prevent using
DNs with it.
From: Kurt D. Zeilenga [mailto:Kurt@OpenLDAP.org]
Sent: Thursday, 14 August 2003 00:23
To: Alexey Melnikov
Cc: Ramsay, Ron; LDAPBis WG
Subject: Re: Comments about draft-ietf-ldapbis-authmeth-05.txt
At 06:14 AM 8/13/2003, Alexey Melnikov wrote:
I suggest that some text about the issue should be included in draft-ietf-ldapbis-authmeth.
If authmeth says anything about DNs and DIGEST-MD5, it should say
that the DIGEST-MD5 username and realm fields are, per the DIGEST-MD5
TS, syntactically and semantically not DNs. They are syntactically
and semantically simple usernames and realms, respectively.