
Re: WG Last Call: draft-ietf-ldapbis-authmeth-15.txt



I've made the change using option #2.

Roger

>>> Alexey Melnikov <alexey.melnikov@isode.com> 09/16/05 8:30 pm >>>
Roger Harrison wrote:

>Alexey Melnikov wrote:
>
>>Excuse me for bringing the following issue so late. There is some text
>>about DIGEST-MD5 in draft-ietf-ldapbis-authmeth-15.txt that bothers
>>me:
>>
>>> 10. SASL DIGEST-MD5 Authentication Mechanism
>>>
>>> Support for subsequent authentication ([DIGEST-MD5] section 2.2) is
>>> OPTIONAL in clients and servers.
>>
>>The sentence seems to be trying to update the definition of the DIGEST-MD5 SASL
>>mechanism. This goes against the "a protocol profile SHOULD NOT attempt to
>>amend the definition of mechanisms" statement in the SASL document.
>>If there is an interoperability problem due to the lack of the quoted
>>sentence, then perhaps the DIGEST-MD5 document is a better place to
>>address it.
>
>The text in question from authmeth-15 dates back to RFC 2829, so I can
>only speculate on the reason for including it. I imagine it was included
>to provide the information without requiring the user to dig into the
>DIGEST-MD5 document.
>
>With careful reading, it appears that the DIGEST-MD5 document already
>states that neither client nor server is required to support subsequent
>authentication even when the protocol profile allows it, so this text
>does not change the intent of DIGEST-MD5.

Right.

>I can see some options:
>
>1. Leave text as-is.  Probably not satisfactory, particularly due to
>the OPTIONAL keyword being used in the sentence.
>
>2. Modify text to remove keyword. Possible new text: "Note that
>DIGEST-MD5 does not require clients or servers to support subsequent
>authentication ([DIGEST-MD5] section 2.2)."
>
>3. Remove the text altogether and let people deduce this fact by
>reading [DIGEST-MD5].
>
>I prefer #2 and would consider #3 if the text in [DIGEST-MD5] were made
>more explicit regarding the optional nature of subsequent authentication
>support.

I think #2 is sensible: you need to make clear that this is not an
additional requirement, but just an extract from the DIGEST-MD5 document.