
Re: Interactivity in SASL mechanisms



Probably obvious, but my main concern was interactivity while connected to the server, not interactivity in general.

My main thought was that SASL mechanisms should be designed to support unattended operation when possible.

Another related and interesting side-effect of mechanisms like DIGEST is that they don't reveal the credentials to the server. This allows clients to rummage through their authentication wallet for credentials for a given realm and safely try it with the server without even prompting the user (if appropriate). I think this makes mechanisms like DIGEST useful even inside a TLS secured connection to a server where you're not worried about eavesdroppers but are worried about revealing credentials to an imposter server.

LL

At 05:28 AM 9/9/99 +0000, RL 'Bob' Morgan wrote:

So if you're saying that well-designed clients need to support
interactivity when needed and unattended operation when needed, I agree.
If you're suggesting that mechanisms need to change to make this possible,
I don't.

- RL "Bob"
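The property LL describes above (a challenge/response mechanism lets a client try stored credentials unattended without handing the password to a possibly impostor server) is illustrated by the following added example. It is not code from this thread or from any SASL implementation, and it is not the DIGEST-MD5 wire format: HMAC-SHA256 over a server nonce and a client nonce stands in for the digest computation, the realm, usernames, passwords and wallet contents are constructed, and the server-side proof mirrors the idea of DIGEST-MD5's response-auth so the client can also tell a genuine server from an impostor.

```python
import hashlib
import hmac
import secrets

# Constructed example: a simplified challenge/response mechanism in the spirit of
# SASL DIGEST. It is NOT the DIGEST-MD5 wire format (RFC 2831); HMAC-SHA256 stands
# in for the digest so the security property is easy to read.

REALM = "example.test"  # constructed realm name


def derive_key(username: str, realm: str, password: str) -> bytes:
    """Password-derived key; the server stores this verifier, never the password."""
    return hashlib.sha256(f"{username}:{realm}:{password}".encode()).digest()


def client_response(key: bytes, nonce: bytes, cnonce: bytes, username: str) -> bytes:
    """Client proof bound to both nonces. Only this HMAC goes over the wire."""
    msg = b"client|" + nonce + b"|" + cnonce + b"|" + username.encode()
    return hmac.new(key, msg, hashlib.sha256).digest()


def server_proof(key: bytes, nonce: bytes, cnonce: bytes) -> bytes:
    """Server proof (in the spirit of DIGEST-MD5 response-auth): shows the server holds the key."""
    msg = b"server|" + nonce + b"|" + cnonce
    return hmac.new(key, msg, hashlib.sha256).digest()


class GenuineServer:
    def __init__(self, verifiers: dict[str, bytes]):
        self.verifiers = verifiers          # username -> derived key
        self.issued: set[bytes] = set()     # outstanding nonces; each is one-shot (anti-replay)

    def challenge(self) -> bytes:
        nonce = secrets.token_bytes(16)
        self.issued.add(nonce)
        return nonce

    def verify(self, username: str, nonce: bytes, cnonce: bytes, response: bytes):
        key = self.verifiers.get(username)
        if key is None or nonce not in self.issued:
            return None
        self.issued.discard(nonce)  # consume the nonce whether or not the proof checks out
        if not hmac.compare_digest(client_response(key, nonce, cnonce, username), response):
            return None
        return server_proof(key, nonce, cnonce)


class ImpostorServer:
    """Accepts anything and records what it sees; it holds no keys at all."""
    def __init__(self):
        self.captured: list[bytes] = []

    def challenge(self) -> bytes:
        return secrets.token_bytes(16)

    def verify(self, username: str, nonce: bytes, cnonce: bytes, response: bytes):
        self.captured.append(response)      # all it ever learns is an HMAC value
        return secrets.token_bytes(32)      # it cannot compute the real server proof


def try_wallet(wallet: dict[tuple[str, str], str], realm: str, server):
    """Try each wallet credential for `realm` unattended. Returns the username that
    authenticated with a server that also proved it holds the key, else None."""
    for (user, r), password in wallet.items():
        if r != realm:
            continue
        key = derive_key(user, realm, password)
        nonce = server.challenge()
        cnonce = secrets.token_bytes(16)
        proof = server.verify(user, nonce, cnonce, client_response(key, nonce, cnonce, user))
        if proof is not None and hmac.compare_digest(proof, server_proof(key, nonce, cnonce)):
            return user
    return None


# Constructed wallet: a wrong credential for the realm, one for another realm, and the right one.
WALLET = {
    ("bob", REALM): "wrong password",
    ("alice", "other.test"): "unrelated",
    ("alice", REALM): "correct horse",
}


def genuine_server() -> GenuineServer:
    """Constructed server that only knows alice's derived key."""
    return GenuineServer({"alice": derive_key("alice", REALM, "correct horse")})


if __name__ == "__main__":
    print("genuine:", try_wallet(WALLET, REALM, genuine_server()))
    imp = ImpostorServer()
    print("impostor:", try_wallet(WALLET, REALM, imp), "captured", len(imp.captured), "responses")
```

Against the genuine server the client walks its wallet, the bad credential for the realm is rejected, the credential for the other realm is skipped, and alice's succeeds. Against the impostor every attempt fails the server-proof check, and all the impostor has collected is a handful of HMAC values bound to nonces, not the passwords themselves, which is exactly why trying wallet entries unattended is safe in this design.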