[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: SASL WG session at IETF68

To: Frank Ellermann <nobody@xxxxxxxxxxxxxxxxx>, ietf-sasl@xxxxxxx
Subject: Re: SASL WG session at IETF68
From: Jeffrey Hutzelman <jhutz@xxxxxxx>
Date: Mon, 12 Mar 2007 17:09:02 -0400
Cc: Jeffrey Hutzelman <jhutz@xxxxxxx>
In-reply-to: <45F58943.7FE3@xxxxxxxxxxxxxxxxx>
List-archive: <http://www.imc.org/ietf-sasl/mail-archive/>
List-id: <ietf-sasl.imc.org>
List-unsubscribe: <mailto:ietf-sasl-request@imc.org?body=unsubscribe>
References: <ldvhctqdvd7.fsf@xxxxxxxxxxxxxxxxxxxxxxxxxx> <45F55194.6040802@xxxxxxxxx> <45F58943.7FE3@xxxxxxxxxxxxxxxxx>
Sender: owner-ietf-sasl@xxxxxxxxxxxx

On Monday, March 12, 2007 06:09:23 PM +0100 Frank Ellermann<nobody@xxxxxxxxxxxxxxxxx> wrote:

Finally the second part says implementations won't bother to check the
certificate, and then PLAIN isn't good enough.  Now that's tricky, if
it's true

Sadly, it is. All too many TLS-using applications, especially emailclients, either completely ignore certificate validation or treat allself-signed certificates as trust anchors. So, mechanisms which do notreveal the user's password to the "server" are highly desirable.


-- Jeff

References:
- SASL WG session at IETF68
  - From: Tom Yu
- Re: SASL WG session at IETF68
  - From: Alexey Melnikov
- Re: SASL WG session at IETF68
  - From: Frank Ellermann

Prev by Date: Re: SASL WG session at IETF68
Previous by thread: Re: SASL WG session at IETF68
Next by thread: I-D ACTION:draft-ietf-sasl-gs2-07.txt
Index(es):
- Date
- Thread