[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
RE: Comments about draft-ietf-ldapbis-authmeth-05.txt
> -----Original Message-----
> From: owner-ietf-ldapbis@OpenLDAP.org
> [mailto:owner-ietf-ldapbis@OpenLDAP.org]On Behalf Of Mark Ennis
> Kurt,
> It still seems to me as though you are the one re-engineering
> LDAP and
> its application of DIGEST-MD5. I have yet to come across
> anything in the
> LDAP or SASL specifications which preclude the use of
> distinguished name
> strings in the DIGEST-MD5 username value, except possibly the
> normalisation of the username field being proposed in the
> SASLprep work.
The fact that Distinguished Names are necessarily of unbounded length, while
the DIGEST-MD5 "digest-response" (which must contain the username) is
restricted by RFC2831 to 4096 bytes or less, implies that these two concepts
are inherently disjoint.
-- Howard Chu
Chief Architect, Symas Corp. Director, Highland Sun
http://www.symas.com http://highlandsun.com/hyc
Symas: Premier OpenSource Development and Support