Compromise Authentication Proposal

How about the following proposal:

The base requirements include a mandatory-to-implement hash-based
authentication mechanism. This works for thin clients, and has a low
impact on implementation size for those sites/vendors which choose not to
use the mandatory-to-implement mechanism as their primary mechanism. This
also meets the IESG mandate to make a good-faith effort to eliminate all
use of unencrypted clear-text passwords in IETF protocols. We keep TLS
support a SHOULD as there appear to be no objections to that.

The "distributed camp" will write an applicability statement for large
scale distributed LDAP which requires implementation of a suitable
distributed authentication mechanism (X.509 PK?). If necessary, this
applicability statement could also reduce the requirement to implement the
hash-based authentication mechanism to a SHOULD for products intended only
for large-scale distributed use.

Applicability statements are the standard technique in the IETF to deal
with incompatible usage models for the same protocol.

Does anyone object to this compromise proposal?

- Chris