[Date Prev][Date Next] [Chronological] [Thread] [Top]

secure change-password protocol after Digest authentication?

To: IETF LDAP Extensions WG <ietf-ldapext@netscape.com>
Subject: secure change-password protocol after Digest authentication?
From: Frank Siebenlist <frank@dascom.com>
Date: Wed, 07 Oct 1998 11:22:37 -0700
Organization: DASCOM, Inc.
Resent-date: Wed, 07 Oct 1998 11:22:30 -0700 (PDT)
Resent-from: ietf-ldapext@netscape.com
Resent-message-id: <"_C2ob.0.Zf5.Q5x6s"@glacier>
Resent-sender: ietf-ldapext-request@netscape.com

How do you securely change your password from a client that only supports Digest authentication and doesn't have any heavy weight SSL/TLS at its disposal?

Could the unspecified "confidentiality protection" feature of Digest/SASL help out there?

Not sure if this is the right mailing list, but I couldn't find any discussion about this topic anywhere.

-Frank.

-- 
Frank Siebenlist              DASCOM, Inc. 
Chief Architect               3004 Mission Street
Email: frank@dascom.com       Santa Cruz, CA 95060, USA
Phone: +1 831/460-3600        Fax: +1 831/460-0255

Prev by Date: Re: Compromise Authentication Proposal
Next by Date: RE: Compromise Authentication Proposal
Index(es):
- Chronological
- Thread