Re: authmeth: removal of DIGEST-MD5

[Ludovic Poitou <Ludovic.Poitou@Sun.COM>]

I'm fine with keeping the sentence as is. This is not a normative reference.

Ludovic.

Kurt D. Zeilenga wrote:
> At 11:49 AM 10/13/2005, Roger Harrison wrote:
>
>   
> > Based on the comments to the WG over the past several days, I believe that authmeth should only reference DIGEST-MD5 in historical terms.  The Simple Mechanism Security Considerations currently state: 
> >
> > "The name/password authentication mechanism of the simple Bind method discloses the password to the server, which is an inherent security risk. There are other mechanisms such as DIGEST-MD5 that do not disclose the password to the server." 
> >
> > I would like to replace this reference with DIGEST-MD5 with another mechanism (it does not need to be normative) that would not disclose the password to the server. Suggestions? 
> >     
>
> I'm fine with leaving this sentence in place as it doesn't
> require a normative reference to DIGEST-MD5. 
>
>   

--
Ludovic Poitou                                    Sun Microsystems Inc.
Software Architect                               Directory Server Group
http://blogs.sun.com/Ludo                              Grenoble, France

Sun Microsystems requires the following notice:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
NOTICE:  This email message is for the sole use of the intended
recipient(s) and may contain confidential and privileged information.
Any unauthorized review, use, disclosure or distribution is prohibited.
If you are not the intended recipient, please contact the sender by
reply email and destroy all copies of the original message.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~