Re: authmeth-15: mandatory-to-implement strong authentication (ietf.ldapbis, msg#00034)
I believe WG consensus supports changing LDAP's mandatory-to-implement "strong" authentication algorithm from SASL/DIGEST-MD5 to StartTLS+simple(name/password). Hence, I direct the Editor to make appropriate changes to this draft to change the mandatory-to-implement "strong" authentication mechanism to StartTLS+simple(name/password).

-- Kurt, LDAPBIS co-chair

At 11:52 AM 9/10/2005, Roger Harrison wrote:
>There was considerable discussion at the IETF 63 meeting regarding recent
>research into challenge-response protocols (such as DIGEST-MD5) being
>vulnerable to off-line dictionary attacks (see
><http://www3.ietf.org/proceedings/05aug/minutes/sasl.html>
> and
><http://www3.ietf.org/proceedings/05aug/slides/apparea-4/sld1.htm>
> ).
>
>One proposal was to recommend performing challenge-response authentication
>over TLS-protected connections. If we moved this direction, then requiring the
>use of DIGEST-MD5 security layers seems redundant.
>
>What effect, if any, does this have on our use of DIGEST-MD5 as the
>mandatory-to-implement strong authentication mechanism for LDAP?
>
>Roger