Home
Reading
Searching
Subscribe
Sponsors
Statistics
Posting
Contact
Spam
Lists
Links
About
Hosting
Filtering
Features Download
Marketing
Archives
FAQ
Blog
 
Gmane
From: Tom Yu <tlyu <at> mit.edu>
Subject: IETF68 SASL WG summary
Newsgroups: gmane.ietf.saag
Date: Friday 23rd March 2007 02:07:00 UTC (over 10 years ago)
SASL WG
Wednesday, March 21, 2006, at 1300-1500

SUMMARY
=======

Thanks to Bob Morgan for scribing.

Document Status:

draft-ietf-sasl-crammd5-08     in WGLC
draft-ietf-sasl-gs2-07         in WGLC
draft-ietf-sasl-gssapi-08      RFC 4752
draft-ietf-sasl-rfc2831bis-12  some issues...

WGLC documents -- mostly only have minor issues.  We need more
reviewers for CRAM-MD5.

Given problems with DIGEST-MD5 in terms of interoperability and
implementability, there appears to be consensus to move DIGEST-MD5 (in
the form of RFC 2831) to Historic.

Presentations about several proposed alternative password-based
mechanisms:

draft-cridland-sasl-hexa-00.txt
draft-newman-auth-scram-04.txt
draft-zeilenga-sasl-yap-00.txt

HEXA and SCRAM are somewhat similar and may end up being combined
eventually.  YAP may remain independent.  There appears to be
consensus for adopting at least one of these hash-based password
mechanisms as a WG work item, and adopting some HEXA+SCRAM derivative
as a replacement for DIGEST-MD5.  There appears to be consensus that
the WG doesn't yet have enough information about application
requirements to determine whether one of these mechanisms or two of
these mechansisms should be adopted.

Kurt talked about interop reports, and there was discussion about the
Draft Standard advancement process.

Alexey talked about Sam's Discuss on the smtp-auth document, regarding
mandating of the verification of server TLS certificates when using
PLAIN over TLS.

ACTION ITEMS
============

* in the next week, acquire more information about application
  requirements upon password-based mechanisms.

* conclude WG Last Calls

* recharter including DIGEST-MD5 replacement(s)
 
CD: 3ms