Re: draft minutes from Chicago meeting



My final comment on this ...

I thought the idea was to mandate a SASL mechanism that allowed any
directory client to be able, as a minimum capability, to authenticate to any
directory server using a mechanism that is guaranteed to be supported.  This
doesn't exclude further capability being supported by individual servers to
provide product differentiation.

To this end, what is required is a simple mechanism that is easy to
implement (by both client and server), provides confidentiality of sensitive
information, e.g. passwords, and has little or no impact on normal directory
access performance.  Anything beyond this is too heavy to mandate.

Therefore, simple authentication using protected passwords (e.g. CRAM-MD5,
HTTP-DIGEST, or whatever) must be the right choice to mandate.  I have no
axe to grind either way.

How servers protect data in distributed or replicated environments is surely
beyond this debate.  Let's all agree on something simple so that we can get
on and implement it.

Regards,

Phil Pinkerton, ICL