RE: proposed standard for password syntax



Would someone please post unsubscribe directions. I can't find them on
Netscape's site.

TIA,

STeve

> -----Original Message-----
> From: Kurt D. Zeilenga [mailto:Kurt@OpenLDAP.Org]
> Sent: Wednesday, October 27, 1999 8:39 PM
> To: Pat Felsted
> Cc: ietf-ldapext@netscape.com
> Subject: Re: proposed standard for password syntax
>
>
> At 05:21 PM 10/27/99 -0600, Pat Felsted wrote:
> >The definition of a password is an octet string.
>
> No.  The LDAP definition is:
>
> 5.36. userPassword
>
>     ( 2.5.4.35 NAME 'userPassword' EQUALITY octetStringMatch
>       SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{128} )
>
>    Passwords are stored using an Octet String syntax and are not
>    encrypted.
>
> and is derived from X.500 specifications.  Suggestions to change
> this attribute type should be directed to appropriate X.500
> committees.
>
> >however many systems have overloaded the syntax to add hashes
> >as suggested in RFC 2307.
>
> RFC2307 is Informational (and informational).  However, in this
> case, it describes an ill-advised practice, a practice which is
> in direct conflict with RFC2256.
>
> >This proposal attempts to standardize this overloading only for backward
> >compatibility.
>
> It's inappropriate to change the specification of a standard
> track RFC defined attribute type without changing its name and OID.
>
> 	Kurt
>
>