At 07:25 PM 5/12/2003, Ramsay, Ron wrote:
I don't believe you can mandate simple/TLS!
I certainly cannot mandate it. But the IETF certainly can.
At the time RFC 2829 was debated, a large number on the WG wanted this. They did not get their way because of the complexity of the solution. It was argued that a password-based method would be better. I think they believed it would still be DN/password, though.
I think clear from this discussion that some folks didn't
get what they thought they were getting.
If one takes the view that RFC 2829 intended DNs in DIGEST-MD5
user names, than RFC 2829 is serious broken. DNs in DIGEST-MD5
is not workable. So, it would be quite reasonable to open a
discussion on choosing a different mandatory-to-implement strong
authentication mechanism.
If one takes the view that RFC 2829 intended user name in
DIGEST-MD5 user names, then RFC 2829 just needs some clarification.
However, since significant specification and interoperability issues
exist with DIGEST-MD5, it would be reasonable here to open a
discussion on choosing a different mandatory-to-implement strong
authentication method.
At this point, I (as co-chair), consider the issue open.
Kurt