[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Optional domain/realm for SCRAM? (Re: Crypto agility in SCRAM + draft-josefsson-password-auth?)

To: Hallvard B Furuseth <h.b.furuseth@xxxxxxxxxxx>
Subject: Re: Optional domain/realm for SCRAM? (Re: Crypto agility in SCRAM + draft-josefsson-password-auth?)
From: Simon Josefsson <simon@xxxxxxxxxxxxx>
Date: Tue, 18 Mar 2008 18:52:55 +0100
Cc: Chris Newman <Chris.Newman@xxxxxxx>, ietf-sasl@xxxxxxx
In-reply-to: <hbf.20080318n9gm@xxxxxxxxxxxxx> (Hallvard B. Furuseth's message of "Tue, 18 Mar 2008 18:42:54 +0100")
List-archive: <http://www.imc.org/ietf-sasl/mail-archive/>
List-id: <ietf-sasl.imc.org>
List-unsubscribe: <mailto:ietf-sasl-request@imc.org?body=unsubscribe>
Openpgp: id=B565716F; url=http://josefsson.org/key.txt
References: <877ig12v5g.fsf@xxxxxxxxxxxxxxxxxxx> <20080317171317.GB16998@xxxxxxx> <> <20080318023527.GS16998@xxxxxxx> <878x0gghbi.fsf@xxxxxxxxxxxxxxxxxxx> <20080318161409.GX16998@xxxxxxx> <87y78g7xsn.fsf@xxxxxxxxxxxxxxxxxxx> <hbf.20080318n9gm@xxxxxxxxxxxxx>
Sender: owner-ietf-sasl@xxxxxxxxxxxx
User-agent: Gnus/5.110007 (No Gnus v0.7) Emacs/22.1 (gnu/linux)

Hallvard B Furuseth <h.b.furuseth@xxxxxxxxxxx> writes:

> Simon Josefsson writes:
>> I'm not strongly opposed to realms, but if it leads to complexity in the
>> protocol, I think we should motivate it carefully.
>
> As far as I can tell, a realm is nothing but a salt common for all
> users on the server.  SCRAM supports a salt.

That's what I tried to describe in many more words in my message to
Jeff.

> Am I missing something?

I'm with you, I think SCRAM already supports this model.

/Simon

References:
- Crypto agility in SCRAM + draft-josefsson-password-auth?
  - From: Simon Josefsson
- Optional domain/realm for SCRAM? (Re: Crypto agility in SCRAM + draft-josefsson-password-auth?)
  - From: Nicolas Williams
- Re: Optional domain/realm for SCRAM? (Re: Crypto agility in SCRAM + draft-josefsson-password-auth?)
  - From: Chris Newman
- Re: Optional domain/realm for SCRAM? (Re: Crypto agility in SCRAM + draft-josefsson-password-auth?)
  - From: Nicolas Williams
- Re: Optional domain/realm for SCRAM? (Re: Crypto agility in SCRAM + draft-josefsson-password-auth?)
  - From: Simon Josefsson
- Re: Optional domain/realm for SCRAM? (Re: Crypto agility in SCRAM + draft-josefsson-password-auth?)
  - From: Nicolas Williams
- Re: Optional domain/realm for SCRAM? (Re: Crypto agility in SCRAM + draft-josefsson-password-auth?)
  - From: Simon Josefsson
- Re: Optional domain/realm for SCRAM? (Re: Crypto agility in SCRAM + draft-josefsson-password-auth?)
  - From: Hallvard B Furuseth

Prev by Date: Re: Crypto agility in SCRAM + draft-josefsson-password-auth?
Next by Date: Re: Optional domain/realm for SCRAM? (Re: Crypto agility in SCRAM + draft-josefsson-password-auth?)
Previous by thread: Re: Optional domain/realm for SCRAM? (Re: Crypto agility in SCRAM + draft-josefsson-password-auth?)
Next by thread: Re: Optional domain/realm for SCRAM? (Re: Crypto agility in SCRAM + draft-josefsson-password-auth?)
Index(es):
- Date
- Thread