[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: SASL, TLS and SSLv3

On  1 Dec, patl@phoenix.volant.org wrote:
> It is my understanding that SASL is not an issue since it involves
> only authentication, not encryption.
Quote from rfc2222 (Simple Authentication and Security Layer):

 During the authentication protocol exchange, the mechanism performs
   authentication, transmits an authorization identity (frequently known
   as a userid) from the client to server, and negotiates the use of a
   mechanism-specific security layer.  If the use of a security layer is
   agreed upon, then the mechanism must also define or negotiate the
   maximum cipher-text buffer size that each side is able to receive.


// Bart Hartgers  <Hartgers@kfm1.phys.tue.nl>
// UCE NOT wanted!!