[Date Prev][Date Next]
Re: SASL, TLS and SSLv3
On 1 Dec, firstname.lastname@example.org wrote:
> It is my understanding that SASL is not an issue since it involves
> only authentication, not encryption.
Quote from rfc2222 (Simple Authentication and Security Layer):
During the authentication protocol exchange, the mechanism performs
authentication, transmits an authorization identity (frequently known
as a userid) from the client to server, and negotiates the use of a
mechanism-specific security layer. If the use of a security layer is
agreed upon, then the mechanism must also define or negotiate the
maximum cipher-text buffer size that each side is able to receive.
// Bart Hartgers <Hartgers@kfm1.phys.tue.nl>
// UCE NOT wanted!!