Compromise Authentication Proposal



How about the following proposal:

The base requirements include a mandatory-to-implement hash-based
authentication mechanism.  This works for thin clients, and has a low
impact on implementation size for those sites/vendors which choose not to
use the mandatory-to-implement mechanism as their primary mechanism.  This
also meets the IESG mandate to make a good-faith effort to eliminate all
use of unencrypted clear-text passwords in IETF protocols.  We keep TLS
support a SHOULD as there appear to be no objections to that.

The "distributed camp" will write an applicability statement for large
scale distributed LDAP which requires implementation of a suitable
distributed authentication mechanism (X.509 PK?).  If necessary, this
applicability statement could also reduce the requirement to implement the
hash-based authentication mechanism to a SHOULD for products intended only
for large-scale distributed use. 

Applicability statements are the standard technique in the IETF to deal
with incompatible usage models for the same protocol.

Does anyone object to this compromise proposal?

		- Chris