[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: Authentication Methods for LDAP - last call (mandatory CRAM-M D5)

To: 'Chris Newman' <Chris.Newman@INNOSOFT.COM>
Subject: RE: Authentication Methods for LDAP - last call (mandatory CRAM-M D5)
From: Paul Leach <paulle@microsoft.com>
Date: Wed, 05 Aug 1998 17:55:33 -0700
Cc: "'ietf-ldapext@netscape.com'" <ietf-ldapext@netscape.com>
Resent-date: Wed, 05 Aug 1998 17:55:53 -0700 (PDT)
Resent-from: ietf-ldapext@netscape.com
Resent-message-id: <"DrfCy3.0.pg5.NyFor"@glacier>
Resent-sender: ietf-ldapext-request@netscape.com

We can deploy Digest in the same time frame as CRAM-MD5. It's deployment
that counts -- perfect undeployed protocols do not increase security. And
mandatory-to-inmplement weak deployed protocols decrease security if there
are better alternatives available in the same time frame.

Since what seems to be the problem here is politics, why not make TLS the
mandatory-to-implement?

Paul

Prev by Date: Internet Draft submission cutoff date
Next by Date: Re: Auth Compromise (was Re: Authentication Methods for LDAP - last call)
Index(es):
- Chronological
- Thread