[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Comments on draft-leach-digest-sasl-01.txt

To: Paul Leach <paulle@xxxxxxxxxxxxx>
Subject: Re: Comments on draft-leach-digest-sasl-01.txt
From: Alexey Melnikov <mel@xxxxxxxxx>
Date: Sun, 17 Jan 1999 03:05:46 +0300
Cc: ietf-sasl@xxxxxxx
List-archive: <http://www.imc.org/ietf-sasl/mail-archive/>
List-unsubscribe: <mailto:ietf-sasl-request@imc.org?body=unsubscribe>
Organization: Epsylon Technologies
References: <>
Sender: owner-ietf-sasl@xxxxxxx

After playing with DIGEST client and server implementations I have few
questions:

IMAP4 example given in the document doesn't include "Step Three". This step is
optional, isn't it? I would like to make this clear in the spec.


Paul Leach wrote:

> > qop
> >   Indicates what "quality of protection" the client accepted. If
> >   present, its value MUST be one of the alternatives the server
> >   indicated it supports in digest-challenge. If not present, it
> >   defaults to "auth". These values affect the computation of the
> >   response. Note that this is a single token, not a quoted list of
> >   alternatives.
> > *
> > * It's unclear whether this option is required to be present
> > or not, because
> > * it's unclear whether qop-options is required in the challenge.
> > * Needs to be resolved.
> > *

So client may omit qop and in this case it is defaulted to "auth" in all
calculations, am I right?

>
> > digest-uri
> >   Indicates the principal name of the service with which the client
> >   wishes to connect, formed from the serv-type, host, and serv-name.
> >   For example, the FTP service on "ftp.xyz.com" would have a "digest-
> >   uri" value of "ftp/ftp.xyz.com"; the SMTP server from the example
> >   above would have a "digest-uri" value of
> > "smtp/mail3.xyz.com/xyz.com"
> > *
> > * what does it mean if the client omits this option?
> > *
>
> I'll have to think about it.

So, what do you think Paul?

I believe that digest-uri is required. If not present, authentication should
fail. (My opinion conflicts with example)

Another one question : should a server verify digest-uri?

--
Best Regards,
Alexey Melnikov
+----------------------------------------------------+
|SMTP/POP3/IMAP4/ACAP  | Epsylon Technologies, Russia|
|servers creation team |     http://www.taxxi.com    |
|----------------------------------------------------|
|Imap Development Kit (my own product)               |
|http://194.87.43.111/homerus/mail/idk/index.htm     |
|----------------------------------------------------|
|Fax (in San Diego, California): 1 (619) 8393837     |
+----------------------------------------------------+

References:
- RE: Comments on draft-leach-digest-sasl-01.txt
  - From: Paul Leach

Prev by Date: How to be removed from this list
Next by Date: cyrus-sasl-1.3b1
Previous by thread: RE: Comments on draft-leach-digest-sasl-01.txt
Next by thread: comments on draft-leach-digest-sasl-01.txt
Index(es):
- Date
- Thread