
RE: Comments on draft-zeilenga-ldap-authpasswd-01.txt



At 04:28 PM 2/15/00 -0800, Bob Joslin wrote:
>I noticed you omitted the reply on the suggestion for changing the name of
>the attribute to hashPassword?  I assume you disagree with the suggestion?

I overlooked this suggestion.  See my comments below.

>4.1. authPasswordSyntax
>
>    ( authPasswordSyntaxOID
>      DESC 'authentication password syntax' )
>
>  Values of this syntax are encoded according to the following BNF:
>
>    authPasswordValue = scheme "$" [ info ] "$" hashedValue
>    scheme = <an IA5 string of letters, numbers, and "-", "_", and "/">
>    info = <a base64 encoded value>
>    hashedValue = <a base64 encoded value>
>
>  where scheme describes the hash mechanism, info is a scheme specific,
>  and hashedValue is the hashed value.  The info field is often a salt.
>
>If the authPasswordSyntax requires a hashedValue, why not change the name
>of the attribute to "hashPassword" instead of "authPassword?"

I intended to reword the section to not use the term "hash" but
to say the value stored is scheme specific.  The intent is for
this attribute to be capable of supporting a wide variety of
storage schemes used to support authentication via user passwords.

>I would think "hashPassword" would be a more descriptive name.

The primary usage of the attribute type is to support password
authentication mechanisms, hence the name "authPassword."
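
An added example, not part of the original message or of the draft: a strict parser for the authPasswordValue BNF quoted above, which rejects malformed values before any scheme-specific comparison is attempted. The names `parse_auth_password` and `AuthPassword`, the scheme name `X-EXAMPLE`, and the sample bytes are assumptions constructed for illustration.

```python
import base64
import binascii
import re
from typing import NamedTuple

# scheme = letters, numbers, "-", "_" and "/" (ASCII only, per the quoted BNF)
_SCHEME_RE = re.compile(r"[A-Za-z0-9_/-]+")


class AuthPassword(NamedTuple):
    scheme: str
    info: bytes    # b"" when the optional info field is absent
    value: bytes   # decoded scheme-specific stored value


def _b64(field: str, name: str) -> bytes:
    """Decode one base64 field strictly; any stray character is an error."""
    try:
        return base64.b64decode(field.encode("ascii"), validate=True)
    except (binascii.Error, UnicodeEncodeError) as exc:
        raise ValueError(f"{name} is not valid base64") from exc


def parse_auth_password(raw: str) -> AuthPassword:
    # "$" is in neither the scheme character set nor the base64 alphabet,
    # so a well-formed value always splits into exactly three fields.
    parts = raw.split("$")
    if len(parts) != 3:
        raise ValueError("expected scheme$[info]$hashedValue")
    scheme, info, hashed = parts
    if not _SCHEME_RE.fullmatch(scheme):
        raise ValueError("scheme contains characters outside the allowed set")
    if not hashed:
        raise ValueError("hashedValue is required")
    return AuthPassword(
        scheme,
        _b64(info, "info") if info else b"",
        _b64(hashed, "hashedValue"),
    )


if __name__ == "__main__":
    # Constructed sample: placeholder scheme, salt and stored value.
    salt = base64.b64encode(b"salt1234").decode()
    stored = base64.b64encode(b"\x00\x01digest").decode()
    print(parse_auth_password(f"X-EXAMPLE${salt}${stored}"))
    print(parse_auth_password(f"X-EXAMPLE$${stored}"))  # info omitted
```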