
Re: Authentication Methods for LDAP - last call



Mark,

If an enterprise chooses to adopt authentication scheme X, 
then only clients that support this scheme will 
interoperate with servers in that enterprise.  We are NOT 
going to force CRAM-MD5 onto all enterprises.  
Interoperability really is bogus in this case.

Steve


On Sun, 02 Aug 1998 12:28:49 -0500 Mark Wahl 
<M.Wahl@INNOSOFT.COM> wrote:

> 
> > Therefore, such implementations MUST support some secure form of 
> > authentication. Two such examples are CRAM-MD5 and certificates. 
> 
> While I understand the sentiment, this statement is not strong enough
> to ensure that different implementations will interoperate when vendors
> pick different forms.  Therefore clauses (2) and (3) are distinct: 
> (2) gives the minimum interoperability without passwords-in-the-clear 
> guarantee, and (3) describes how Start TLS can be used for providing 
> additional robust services with or without passwords.
> 
> Mark Wahl, Directory Product Architect
> Innosoft International, Inc.
> 
>