authmeth-15: mandatory-to-implement strong authent: msg#00003 ietf.ldapbis

There was considerable discussion at the IETF 63 meeting regarding recent research into challenge-response protocols (such as DIGEST-MD5) being vulnerable to off-line dictionary attacks (see http://www3.ietf.org/proceedings/05aug/minutes/sasl.html and http://www3.ietf.org/proceedings/05aug/slides/apparea-4/sld1.htm ).

One proposal was to recommend performing challenge-response authentication over TLS-protected connections. If we moved this dirction, then requiring the use of DIGEST-MD5 security layers seems redundant.

What effect, if any, does this have on our use of DIGEST-MD5 as the mandatory-to-implement strong authentication mechanism for LDAP?

Roger

<Prev in Thread]	Current Thread	[Next in Thread>

<Prev in Thread]

Current Thread

[Next in Thread>

Previous by Date:	Last Call: 'IANA Considerations for LDAP' to BCP: 00003, The IESG
Next by Date:	*Re: [Gen-art] A new* batch of IETF LC reviews - Sept 10th: 00003*, Joel M. Halpern*
Previous by Thread:	Last Call: 'IANA Considerations for LDAP' to BCPi: 00003, The IESG
Next by Thread:	Re: authmeth-15: mandatory-to-implement strong authentication: 00003, Mark Ennis
Indexes:	[Date] [Thread] [Top] [All Lists]

Previous by Date:

Last Call: 'IANA Considerations for LDAP' to BCP: 00003, The IESG

Next by Date:

Re: [Gen-art] A *new* batch of IETF LC reviews - Sept 10th: 00003, Joel M. Halpern

Previous by Thread:

Last Call: 'IANA Considerations for LDAP' to BCPi: 00003, The IESG

Next by Thread:

Re: authmeth-15: mandatory-to-implement strong authentication: 00003, Mark Ennis

Indexes:

[Date] [Thread] [Top] [All Lists]

authmeth-15: mandatory-to-implement strong authentication: msg#00003

ietf.ldapbis