Re: Compromise Authentication Proposal

I fail to see how this is a compromise.

Furthermore, for those sites/vendors that don't choose to implement the
mandatory-to-implement mechanism, what exactly are we accomplishing, other
than ensuring that such sites are not in conformance?

What exactly was wrong with my compromise?

regards,
John

At 04:31 PM 10/2/98 -0700, Chris Newman wrote:
>How about the following proposal:
>
>The base requirements include a mandatory-to-implement hash-based
>authentication mechanism. This works for thin clients, and has a low
>impact on implementation size for those sites/vendors which choose not to
>use the mandatory-to-implement mechanism as their primary mechanism. This
>also meets the IESG mandate to make a good-faith effort to eliminate all
>use of unencrypted clear-text passwords in IETF protocols. We keep TLS
>support a SHOULD as there appear to be no objections to that.
>
>The "distributed camp" will write an applicability statement for large
>scale distributed LDAP which requires implementation of a suitable
>distributed authentication mechanism (X.509 PK?). If necessary, this
>applicability statement could also reduce the requirement to implement the
>hash-based authentication mechanism to a SHOULD for products intended only
>for large-scale distributed use.
>
>Applicability statements are the standard technique in the IETF to deal
>with incompatible usage models for the same protocol.
>
>Does anyone object to this compromise proposal?
>
> - Chris
>
>
>