
Re: Compromise Authentication Proposal



I fail to see how this is a compromise.

Furthermore, for those sites/vendors that don't choose to implement the
mandatory-to-implement mechanism, what exactly are we accomplishing, other
than ensuring that such sites are not in conformance?

What exactly was wrong with my compromise?

regards,
John

At 04:31 PM 10/2/98 -0700, Chris Newman wrote:
>How about the following proposal:
>
>The base requirements include a mandatory-to-implement hash-based
>authentication mechanism.  This works for thin clients, and has a low
>impact on implementation size for those sites/vendors which choose not to
>use the mandatory-to-implement mechanism as their primary mechanism.  This
>also meets the IESG mandate to make a good-faith effort to eliminate all
>use of unencrypted clear-text passwords in IETF protocols.  We keep TLS
>support a SHOULD as there appear to be no objections to that.
>
>The "distributed camp" will write an applicability statement for large
>scale distributed LDAP which requires implementation of a suitable
>distributed authentication mechanism (X.509 PK?).  If necessary, this
>applicability statement could also reduce the requirement to implement the
>hash-based authentication mechanism to a SHOULD for products intended only
>for large-scale distributed use. 
>
>Applicability statements are the standard technique in the IETF to deal
>with incompatible usage models for the same protocol.
>
>Does anyone object to this compromise proposal?
>
>		- Chris