[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: I-D ACTION:draft-zeilenga-ldap-authpasswd-03.txt

To: Rich Salz <rsalz@caveosystems.com>
Subject: Re: I-D ACTION:draft-zeilenga-ldap-authpasswd-03.txt
From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
Date: Fri, 14 Jul 2000 11:15:22 -0700
Cc: ietf-ldapext@netscape.com
In-reply-to: <396F4929.D074FD85@caveosystems.com>
References: <200007131027.GAA11142@ietf.org> <4.3.2.7.0.20000714084856.00b3f9f0@infidel.boolean.net>

I have added to "Background and Intended Usage"

Storage schemes often use of cryptographic strength one-way hashing. 
Though the use of one-way hashing reduces the potential that exposed
values will allow unauthorized access to the Directory (unless the 
hash algorithm/implementation is flawed), the hashing of passwords
is intended to be as an additional layer of protection.  It is
RECOMMENDED that hashed values be protected as if they were clear 
text passwords.

and to "Security Considerations"

As flaws may be discovered in the hashing algorithm or with a 
particular implementation of the algorithm, values of AuthPassword
SHOULD be protected as if they were clear text passwords.  When  
values are transferred, privacy protections, such as IPSEC or TLS,
SHOULD be in place.

References:
- I-D ACTION:draft-zeilenga-ldap-authpasswd-03.txt
  - From: Internet-Drafts@ietf.org
- Re: I-D ACTION:draft-zeilenga-ldap-authpasswd-03.txt
  - From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
- Re: I-D ACTION:draft-zeilenga-ldap-authpasswd-03.txt
  - From: Rich Salz <rsalz@caveosystems.com>

Prev by Date: Re: I-D ACTION:draft-zeilenga-ldap-authpasswd-03.txt
Next by Date: draft-ietf-ldapext-acl-model-06.txt - please publish
Index(es):
- Chronological
- Thread