[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Clarifying the qualities we desire the DIGEST-MD5 replacement to have

To: Hallvard B Furuseth <h.b.furuseth@xxxxxxxxxxx>
Subject: Re: Clarifying the qualities we desire the DIGEST-MD5 replacement to have
From: Simon Josefsson <simon@xxxxxxxxxxxxx>
Date: Tue, 11 Mar 2008 17:51:33 +0100
Cc: Chris Newman <Chris.Newman@xxxxxxx>, Kurt Zeilenga <Kurt.Zeilenga@xxxxxxxxx>, ietf-sasl@xxxxxxx
In-reply-to: <hbf.20080311nead@xxxxxxxxxxxxx> (Hallvard B. Furuseth's message of "Tue, 11 Mar 2008 17:08:06 +0100")
List-archive: <http://www.imc.org/ietf-sasl/mail-archive/>
List-id: <ietf-sasl.imc.org>
List-unsubscribe: <mailto:ietf-sasl-request@imc.org?body=unsubscribe>
Openpgp: id=B565716F; url=http://josefsson.org/key.txt
References: <9C18D563-B86C-4ED8-8312-F22578A11E63@xxxxxxxxx> <> <hbf.20080311nead@xxxxxxxxxxxxx>
Sender: owner-ietf-sasl@xxxxxxxxxxxx
User-agent: Gnus/5.110007 (No Gnus v0.7) Emacs/22.1 (gnu/linux)

Hallvard B Furuseth <h.b.furuseth@xxxxxxxxxxx> writes:

> Chris Newman writes:
>> Nice-to-have features:
>> (...)
>> * Textual protocol like CRAM-MD5 over binary protocol that's harder
>>   to test/debug
>
> I don't get this.  SASL is not a protocol.  If a textual protocol _uses_
> SASL, it must turn SASL blobs into text - e.g. by base64-encoding them.
> If the SASL mechanism also base64-encodes, we get base64(base64(data)).

CRAM-MD5 uses hex encoding, so it will be base64(hex(data)).  I would
recommend against using base64 in the mechanism for this reason.  Base64
is considerably more error prone to implement than hex encoding.

This wastes a few bytes, yes, but I don't think the difference is
significant.

> If you are thinking of text vs ASN.1 I agree ASN.1 is harder to examine,
> but there are plenty of middle ways.  E.g. a fixed-field format with a
> field separator need not be textual.  And such binary fields could still
> start with 'token=' to identify them when you read the protocol.

Hex encoding the data as well doesn't cost much, and allows for simpler
string handling in some programming languages.

/Simon

Follow-Ups:
- Re: Clarifying the qualities we desire the DIGEST-MD5 replacement to have
  - From: Hallvard B Furuseth
- Re: Clarifying the qualities we desire the DIGEST-MD5 replacement to have
  - From: Frank Ellermann

References:
- Clarifying the qualities we desire the DIGEST-MD5 replacement to have
  - From: Kurt Zeilenga
- Re: Clarifying the qualities we desire the DIGEST-MD5 replacement to have
  - From: Chris Newman
- Re: Clarifying the qualities we desire the DIGEST-MD5 replacement to have
  - From: Hallvard B Furuseth

Prev by Date: Re: Holding gs2
Next by Date: Re: Clarifying the qualities we desire the DIGEST-MD5 replacement to have
Previous by thread: Re: Clarifying the qualities we desire the DIGEST-MD5 replacement to have
Next by thread: Re: Clarifying the qualities we desire the DIGEST-MD5 replacement to have
Index(es):
- Date
- Thread