[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: SASL mechanisms that return no data in last leg

At 07:14 PM 3/9/2004, Alexey Melnikov wrote:
>Kurt D. Zeilenga wrote:
>>I'd have to agree with Alexey.  The mechanism for provide data
>>with the last leg of the exchange is optional.  That is, if there
>>is data to be sent AND the server chooses not to require
>>another roundtrip, the server can attach the data to last
>>Another point is that SASL allows the mechanism data
>>in any message of the exchange to be any octet string,
>>including a zero length string.  Hence, it seems that
>>no string and a zero length string are not necessarily
>>semantically equivalent here.
>This is correct, however LDAP is the first SASL profile I've seen that is able to represent them differently.
>Do you think that we should say something about this in the base SASL document?

I suggest we take this one to the SASL WG list.  I suspect they
will have to say something about this, such as they had to do
for zero-length v. absent authorization identity strings.  Once
they reach consensus as to what to say, we'll adapt as needed.

I suspect they will have to be declared equivalent and a
recommendation made that applications support one or the
other but not both.