[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: SASL mechanisms that return no data in last leg
At 07:14 PM 3/9/2004, Alexey Melnikov wrote:
>Kurt D. Zeilenga wrote:
>
>>I'd have to agree with Alexey. The mechanism for provide data
>>with the last leg of the exchange is optional. That is, if there
>>is data to be sent AND the server chooses not to require
>>another roundtrip, the server can attach the data to last
>>message.
>>
>>Another point is that SASL allows the mechanism data
>>in any message of the exchange to be any octet string,
>>including a zero length string. Hence, it seems that
>>no string and a zero length string are not necessarily
>>semantically equivalent here.
>This is correct, however LDAP is the first SASL profile I've seen that is able to represent them differently.
>Do you think that we should say something about this in the base SASL document?
I suggest we take this one to the SASL WG list. I suspect they
will have to say something about this, such as they had to do
for zero-length v. absent authorization identity strings. Once
they reach consensus as to what to say, we'll adapt as needed.
I suspect they will have to be declared equivalent and a
recommendation made that applications support one or the
other but not both.
Kurt