
RE: draft minutes from Chicago meeting



On Sat, 3 Oct 1998, Erik Skovgaard wrote:
> But the issue is different for most of these servers.  In most cases
> (except for the web server, of course) the client won't need to contact
> several servers.

I disagree.  With IMAP shared folders, there may be a need to connect to
multiple IMAP servers.  In addition, there is a need to connect to the
same IMAP server multiple times if a user opens multiple folders
simultaneously.  When reading email, one is likely to connect to LDAP
servers for directory lookups, IMAP servers to read mail, SMTP servers
(with SMTP AUTH) to authenticate and send mail, and ACAP servers to get
client configuration.  Perhaps even NNTP servers to read news if it's not
been made available through IMAP.

If each of these had a different mandatory-to-implement mechanism, the
result would be a nightmare, especially if LDAP mandated client certs. 
Don't forget that many (most?) of the LDAP clients people regularly use
today are also email clients.  Internet email is one of the reasons that
LDAP continues to crush X.500 in the marketplace.

While CRAM-MD5 suffices in my book, Digest has the potential to be better
since it brings HTTP into the set of protocols which can share the
mandatory-to-implement mechanism.  It's a shame so few people in the apps
area (and nobody in the security area) have paid attention to the need for
multi-protocol authentication technology. 

Something as fundamental as a mandatory-to-implement mechanism can't be
determined with blinders that look at only one protocol at a time.

		- Chris