[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: Authentication Methods for LDAP - last call




> -----Original Message-----
> From: Tim Howes [mailto:howes@netscape.com]
> Sent: Thursday, August 13, 1998 10:49 AM
> To: Chris Newman
> Cc: Paul Leach; IETF LDAP Extensions WG
> Subject: Re: Authentication Methods for LDAP - last call
> 
> I'm not. That would delay us (and every other thing
> the LDAPEXT group is working on) for about a year,
> would be my guess. It may be that when we have a
> good replacement for cram-md5 we should incorporate
> that into the ldap spec. But until such a thing
> exists, we should use the best that's available to
> us. That sounds like cram-md5.

It is not clear at all to me that using something other that CRAM-MD5 has to
delay us a year. I submitted a proposal for an alternative -- use of HTTP
Digest instead of CRAM-MD5. Digest is already a Proposed Standard. The
alternative section 8.1 is as complete a description of how to use Digest as
a SASL mechanism as the original is of how to use CRAM-MD5 as a SASL
mechanism. If the substitution were done and agreed to, it should take no
longer to go forward than wrangling about it.

Paul