I've made the change using option #2.
Roger
>>> Alexey Melnikov <alexey.melnikov@isode.com> 09/16/05 8:30 pm >>> Roger Harrison wrote:
>Alexey Melnikov wrote: > > >>Excuse me for bringing the following issue so late. There is some text >> >> >> <>about DIGEST-MD5 in draft-ietf-ldapbis-authmeth-15.txt that bothers >> me: > >>> <>10. SASL DIGEST-MD5 Authentication Mechanism >>> >>> Support for subsequent authentication ([DIGEST-MD5] section 2.2) is >> >>> OPTIONAL in clients and servers. >>> >>> >>The sentence seem to be trying to update definition of DIGEST-MD5 SASL >> >> >>mechanism. This goes against "a protocol profile SHOULD NOT attempt to >> >> >>amend the definition of mechanisms" statement in the SASL document. >>If there is an interoperability problem due to the lack of the quoted >> >> >>sentence, then perhaps the DIGEST-MD5 document is a better place to >>address it. >> >> > >The text in question from authmeth-15 dates back to RFC 2829, so I can >only speculate on the reason for including it. I imagine it was included >to provide the information without requiring the user to dig into the >DIGEST-MD5 document. > >With careful reading, it appears that the DIGEST-MD5 document already >states that neither client nor server is required to support subsequent >authentication even when the protocol profile allows it, so this text >does not change the intent of DIGEST-MD5. > > Right.
>I can see some options: > >1. Leave text as-is. Probably not satisfactory, particularly due to >the OPTIONAL keyword being used in the sentence. > >2. Modify text to remove keyword. Possible new text: "Note that >DIGEST-MD5 does not require clients or servers to support subsequent >authentication ([DIGEST-MD5] section 2.2)." > >3. Remove the text altogether and let people deduce this fact by >reading [DIGEST-MD5]. > >I prefer #2 and would consider #3 if the text in [DIGEST-MD5] were made >more explicit regarding the optional nature of subsequent authentication >support. > > I think #2 is sensible: you need to make clear that this is not an additional requirement, but just an extract from the DIGEST-MD5 document.
|