[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: Rehash and once again, a proposal to move on
Steve,
LDAP v3 *does* support CRAM-MD5 since it refers to RFC 2222 which in tern
refers to some IANA file - which includes CRAM-MD5.
What we are discussing - unless I am wrong - is what we make mandatory and
presumably what vendors will implement. Of course everyone on the list
should realize that whatever we make mandatory is the *only* method(s) that
will be implemented universially.
I fully agree that we *do* need strong authentication. I am only asking
that we identify the target environments.
Cheers, ....Erik.
--------------------------------------
Erik Skovgaard
GeoTrain Corp.
LDAP/X.500 Training and Consulting
http://www.geotrain.com
At 07:40 02/10/98 +0100, Steve Kille wrote:
>John,
>
>An observation is that I see a lot of divergent views on
>the list. I think that none of the options which I see on
>the table would meet an IETF "rough consensus" as there is
>so much divergence. Whatever was said at the meeting, I
>do not think it makes sense to state a conclusion/direction
>(yet).
>
>I think that it might be useful to try to break down all of
>the options into a series of questions (with as little
>dependency between all of the questions as possible).
>Then conduct a "straw poll". This is not to make a
>decision, but to try to find out where there is agreement.
>
>Example:
>
> - Should LDAP support CRAM-MD5?
> - Should CRAM-MD5 be mandatory?
>
>(probably need to allow more than just yes/no answers)
>
>
>Some care should be take to work out the questions
>
>
>Steve
>
>