Re: Comments on X.509 SASL Authentication Mechanism



On Fri, 24 Apr 1998, Ed Reed wrote:
> I wonder if this is the time to suggest a slight modification to the
> client authentication mechanism described...
> ...
> Now...what I'm aiming for here is to allow the use of derived
> credentials in lieu of the long-term private key of the user.
> ...

I'd be inclined to say that if you want this, you may as well use a full  
TLS layer.  The first letter of "SASL" is "Simple" and that's the primary
reason why it's useful to be able to use X.509 certs either via SASL or
via TLS, IMHO.

--
                - Chris

"Good security is hard.  X.509 is harder."