[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: passwords in the clear
I think this is acceptable.
A server that can be configured so that it only uses SSL/TLS would satisfy
this proposal, though that is a rather crude solution. And a server that
allow simple bind to be disabled (completely, or only when there is no
protection layer) would be fine.
I don't recall the exact rules for what we do to existing implementations.
Does this break anybody? Or at least anybody that wouldn't be able to
satisfy this?
John McMeeking
Chris Newman
<Chris.Newman@Sun.CO To: ietf-ldapbis@OpenLDAP.org
M> cc:
Sent by: Subject: passwords in the clear
owner-ietf-ldapbis@O
penLDAP.org
11/11/2003 01:55 PM
The recent IMAP revision spec used to allow the LOGIN command (equivalent
to
simple bind) without requiring a security layer and this was rejected by
the
IESG.
In RFC 3501, we developed compromise text that addressed the IESG's desire
to
strongly deprecate passwords in the clear, while still allowing legacy
implementations. Recasting that text in LDAP terms looks roughly like
this:
----
Use of simple bind sends passwords in the clear. This can be
avoided by using SASL bind [SASL] with a mechanism
that does not use plaintext passwords, by first negotiating
encryption via STARTTLS or some other protection mechanism.
A server implementation MUST implement a configuration that, at the
time of authentication, requires:
(1) A STARTTLS encryption layer has been successfully negotiated.
OR
(2) Some other mechanism that protects the session from password
snooping has been provided.
OR
(3) The following measures are in place:
(a) The simple bind operation returns an error even if the
password is correct.
AND
(b) The SASL bind operation returns an error with all [SASL]
mechanisms that use plaintext passwords, even if the password
is correct.
----
- Chris