
Interactivity in SASL mechanisms



Looking at a couple of the newer SASL mechanisms such as DIGEST and SecureID I see they presume the possibility of some interaction with the user during the SASL negotiation. I believe this can't be avoided in some cases, but it is undesirable as for example:

- mail checking and sending are often unattended
- interaction increases connect time which:
    - can cost if you pay by the minute (e.g. wireless data call)
    - can add load to the server (processes hang around)
- mail checks often connect to multiple mail servers. It is better
  to get all the credentials up front before all the mail checks
  start because one often starts a mail check and then goes
  for a cup of coffee or such
- mail checking and sending are often background operations
  and popping up dialogues for authentication can be confusing

One thing I've done already with SMTP AUTH is to remember what the server said last time. This may work with things like realms but I haven't tried to implement it yet.

So it seems that eliminating interactivity would be a good thing for SASL mechanisms.

LL
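
An added example, not part of the original message: one way a client could "remember what the server said last time" for realms, so that all prompting happens before an unattended mail check starts. The function names, the `remembered` and `credentials` stores, and the use of an empty realm when the server sends none are assumptions made for illustration; the challenge syntax follows the comma-separated `name="value"` form used by DIGEST-style challenges.

```python
import re

# One directive: name=value, where value is a quoted string (with backslash
# escapes) or a bare token. Quoted values are consumed whole, so a comma or
# "realm=" inside a quoted nonce is never mistaken for a directive.
_DIRECTIVE = re.compile(r'([A-Za-z-]+)=(?:"((?:[^"\\]|\\.)*)"|([^,]*))')

def parse_realms(challenge):
    """Return every realm value offered in a DIGEST-style challenge string."""
    realms = []
    for m in _DIRECTIVE.finditer(challenge):
        if m.group(1).lower() == "realm":
            value = m.group(2) if m.group(2) is not None else m.group(3)
            realms.append(re.sub(r'\\(.)', r'\1', value))
    return realms

def prompts_needed(hosts, remembered, credentials):
    """Run before any connection is opened.

    Returns (host, realm) pairs with no stored credential, so the user can be
    asked for all of them up front. A host never contacted before is reported
    with realm None, since nothing is remembered for it.
    """
    missing = []
    for host in hosts:
        realms = remembered.get(host)
        if realms is None:
            missing.append((host, None))
        elif not any((host, r) in credentials for r in realms):
            missing.append((host, realms[0]))
    return missing

def on_challenge(host, challenge, remembered, credentials):
    """Run during negotiation.

    Refreshes the remembered realms (assumption: "" stands for a challenge
    with no realm) and returns a realm that can be answered without a dialog,
    or None if the server's realms changed and no stored credential fits.
    """
    realms = parse_realms(challenge) or [""]
    remembered[host] = realms
    for r in realms:
        if (host, r) in credentials:
            return r
    return None
```

When `on_challenge` returns None the background check can skip that server instead of popping up a dialog; the refreshed memory makes the next `prompts_needed` call ask for the new realm before connecting.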