[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: which is our DIGEST-MD5 successor?
"Frank Ellermann" <nobody@xxxxxxxxxxxxxxxxx> writes:
> Simon Josefsson wrote:
>
>> Where can I find the latest SCRAM document?
>
> <http://tools.ietf.org/html/scram> is a trick to find
> drafts "by name", also nice as an "opensearch" form.
>
> In draft-newman-auth-scram-05 appendix C (examples)
> is still empty.
Thanks. SCRAM is not a GSS-API mechanism as far as I can tell, so I
believe we have different goals. I guess it is up to the WG to decide
whether to base the password mechanism on GSS-API or not.
>> the latest version of my password document is
>> available from <http://josefsson.org/password/>.
>
> Thanks, that uses HMAC-SHA-256 => nothing for me.
Could you elaborate why? Supporting HMAC-SHA-1 or even HMAC-MD5 would
be easy, and the reason for picking HMAC-SHA-256 was rather arbitrary.
/Simon