[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Simple+TLS as mandatory-to-implement (RE: Issues with current authmeth draft.)



At 05:17 PM 5/14/2003, Mark Ennis wrote:
>We've already had this argument. It is up to the working group to decide this. I doubt anyone could claim consensus has been reached on this topic so far.

The argument we had regarding interpretation in this area
is moot at this point.

In a recent post you stated:
  Current development of the SASL specifications will move the
  SASL specifications in a direction which would not support
  my interpretation of RFC2829.

Exactly!  If the WG were to accept your interpretation, then the
chairs would be forced to declare LDAP's use of DIGEST-MD5 as
unworkable.  The WG would either have to revise RFC 2829 to be
consistent with the revised SASL specifications or choose
another available mechanism.

Now, if the WG accepted my interpretation, it could be argued
that DIGEST-MD5 as specification is workable but just needs
some clarification.  However, as there are some known RFC 2831
specification/interoperability issues, I feel it reasonable
for the WG to consider other available mechanisms.

So, you see, we don't need the WG to decide which interpretation
is correct, we need the WG to decide which of the available
mechanisms should now be the mandatory-to-implement mechanism.

So, what shall it be?

Kurt