[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: Authentication Methods for LDAP - last call

To: 'Chris Newman' <Chris.Newman@INNOSOFT.COM>
Subject: RE: Authentication Methods for LDAP - last call
From: Paul Leach <paulle@microsoft.com>
Date: Thu, 13 Aug 1998 11:36:24 -0700
Cc: IETF LDAP Extensions WG <ietf-ldapext@netscape.com>
Resent-date: Thu, 13 Aug 1998 11:36:39 -0700 (PDT)
Resent-from: ietf-ldapext@netscape.com
Resent-message-id: <"S8kmU2.0._61.p8pqr"@glacier>
Resent-sender: ietf-ldapext-request@netscape.com


> -----Original Message-----
> From: Chris Newman [mailto:Chris.Newman@innosoft.com]
> Sent: Thursday, August 13, 1998 10:12 AM
> To: Paul Leach
> Cc: IETF LDAP Extensions WG
> Subject: RE: Authentication Methods for LDAP - last call
> 
<snip>
 
> > I posted a proposed substitute section 8.1, using Digest instead of
> > CRAM-MD5. It would permit shared authentication logic and 
> authentication
> > databases between HTTP and LDAP -- a BIG win, IMHO.
> 
> There is no standards track specification for HTTP digest in 
> SASL at this
> time, therefore it is out of order to propose it as a 
> replacement.

Why does it need to be a SASL mechanism? As far as I could tell, section 8.1
did not say "here's how to use any SASL mechanism with LDAP". It said
"here's how to use CRAM-MD5 with LDAP", and mentioned it by name.

My counterproposal said, equivalently, "here's how to use Digest with LDAP",
and Digest is standards track. Isn't that enough to satisfy the legalists?
It provides all the same function as CRAM-MD5 in this context, so whether it
has been officially dubbed "SASL" seems arbitrary. 


(I actually don't see what qualifies the current proposal for CRAM-MD5 in
LDAP as "SASL".)

Paul

Follow-Ups:
- RE: Authentication Methods for LDAP - last call
  - From: RL Bob Morgan <Bob.Morgan@Stanford.EDU>

Prev by Date: RE: Authentication Methods for LDAP - last call
Next by Date: Re: Authentication Methods for LDAP - last call
Index(es):
- Chronological
- Thread