[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: authmeth: removal of DIGEST-MD5

To: Hallvard B Furuseth <h.b.furuseth@usit.uio.no>
Subject: Re: authmeth: removal of DIGEST-MD5
From: Howard Chu <hyc@highlandsun.com>
Date: Thu, 13 Oct 2005 12:57:55 -0700
Cc: Roger Harrison <RHARRISON@novell.com>, ietf-ldapbis@OpenLDAP.org
In-reply-to: <hbf.20051013n33g@bombur.uio.no>
References: <434E57D0.DBA8.00BF.0@novell.com> <hbf.20051013n33g@bombur.uio.no>
User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9a1) Gecko/20050925 SeaMonkey/1.1a

Hallvard B Furuseth wrote:

Roger Harrison writes:

Based on the comments to the WG over the past several days, I believe
that authmeth should only reference DIGEST-MD5 in historical terms.


You should probably keep much of the DIGEST-MD5 text on authmeth-15
page 16 and generalize it to talk about SASL.


Good point.

I would like to replace this reference with DIGEST-MD5 with another
mechanism (it does not need to be normative) that would not disclose
the password to the server.  Suggestions?


CRAM-MD5 seems to be the only alternative mechanism which is widely
enough deployed to suggest now.  That mechanism apparently has its own
problems, though.  So I suggest to keep the DIGEST-MD5 reference.


Indeed. Definitely not CRAM-MD5.

--
  -- Howard Chu
  Chief Architect, Symas Corp.  http://www.symas.com
  Director, Highland Sun        http://highlandsun.com/hyc
  OpenLDAP Core Team            http://www.openldap.org/project/

References:
- authmeth: removal of DIGEST-MD5
  - From: "Roger Harrison" <RHARRISON@novell.com>
- Re: authmeth: removal of DIGEST-MD5
  - From: Hallvard B Furuseth <h.b.furuseth@usit.uio.no>

Prev by Date: Re: authmeth-15 notes
Next by Date: Re: authmeth: removal of DIGEST-MD5
Index(es):
- Chronological
- Thread