[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: RE: Authentication Methods for LDAP - last call

To: Chris.Newman@INNOSOFT.COM, ietf-ldapext@netscape.com, paulle@MICROSOFT.com
Subject: RE: RE: Authentication Methods for LDAP - last call
From: kevins <jch@pwd.hp.com>
Date: Thu, 20 Aug 1998 19:08:26 +0100
Content-disposition: inline; filename="BDY.TXT"
Resent-date: Thu, 20 Aug 1998 11:08:58 -0700 (PDT)
Resent-from: ietf-ldapext@netscape.com
Resent-message-id: <"Kvs-l2.0.N66.kO6tr"@glacier>
Resent-sender: ietf-ldapext-request@netscape.com

> However, if we all agree we're going to dump CRAM-MD5, then why can't 
LDAP
> go forward with TLS or Kerberos as the mandatory-to-implement?

Because TLS has unpleasant export licensing restrictions (I imagine, it 
is cryptotechnology after all) and kerberos requires a hell of a lot of 
infrastructure to get it working.  CRAM-MD5, while relatively insecure, 
is a least very easy to implement.  And, as Chris points out, ACAP used 
it for MTI.

jch

Prev by Date: RE: Authentication Methods for LDAP - last call
Next by Date: RE: Authentication Methods for LDAP - last call
Index(es):
- Chronological
- Thread