[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Crypto agility in SCRAM + draft-josefsson-password-auth?

To: Simon Josefsson <simon@xxxxxxxxxxxxx>
Subject: Re: Crypto agility in SCRAM + draft-josefsson-password-auth?
From: Hallvard B Furuseth <h.b.furuseth@xxxxxxxxxxx>
Date: Tue, 18 Mar 2008 20:41:46 +0100
Cc: Frank Ellermann <hmdmhdfmhdjmzdtjmzdtzktdkztdjz@xxxxxxxxx>, ietf-sasl@xxxxxxx
In-reply-to: <87skyn7scr.fsf@xxxxxxxxxxxxxxxxxxx>
List-archive: <http://www.imc.org/ietf-sasl/mail-archive/>
List-id: <ietf-sasl.imc.org>
List-unsubscribe: <mailto:ietf-sasl-request@imc.org?body=unsubscribe>
References: <877ig12v5g.fsf@xxxxxxxxxxxxxxxxxxx> <frmdmk$h1o$1@xxxxxxxxxxxxx> <87od9dszmh.fsf@xxxxxxxxxxxxxxxxxxx> <frnouh$se3$1@xxxxxxxxxxxxx> <87d4psghws.fsf@xxxxxxxxxxxxxxxxxxx> <20080318160958.GW16998@xxxxxxx> <87r6e87x0a.fsf@xxxxxxxxxxxxxxxxxxx> <20080318182510.GC16998@xxxxxxx> <87skyn7scr.fsf@xxxxxxxxxxxxxxxxxxx>
Sender: owner-ietf-sasl@xxxxxxxxxxxx

Simon Josefsson writes:
> Can we get away with specifying both SCRAM-SHA1 and SCRAM-SHA224 and say
> that servers MUST support both and clients MAY support either?

I don't see what good that does.  The server MUST support both, likely
only one password hash is _stored_ in it.  A client which only supports
the other can't authenticate.

You can say that clients MUST support both and servers MAY support
either.

-- 
Hallvard

Follow-Ups:
- Re: Crypto agility in SCRAM + draft-josefsson-password-auth?
  - From: Nicolas Williams

References:
- Crypto agility in SCRAM + draft-josefsson-password-auth?
  - From: Simon Josefsson
- Re: Crypto agility in SCRAM + draft-josefsson-password-auth?
  - From: Frank Ellermann
- Re: Crypto agility in SCRAM + draft-josefsson-password-auth?
  - From: Simon Josefsson
- Re: Crypto agility in SCRAM + draft-josefsson-password-auth?
  - From: Frank Ellermann
- Re: Crypto agility in SCRAM + draft-josefsson-password-auth?
  - From: Simon Josefsson
- Re: Crypto agility in SCRAM + draft-josefsson-password-auth?
  - From: Nicolas Williams
- Re: Crypto agility in SCRAM + draft-josefsson-password-auth?
  - From: Simon Josefsson
- Re: Crypto agility in SCRAM + draft-josefsson-password-auth?
  - From: Nicolas Williams
- Re: Crypto agility in SCRAM + draft-josefsson-password-auth?
  - From: Simon Josefsson

Prev by Date: Re: Crypto agility in SCRAM + draft-josefsson-password-auth?
Next by Date: Re: Crypto agility in SCRAM + draft-josefsson-password-auth?
Previous by thread: Re: Crypto agility in SCRAM + draft-josefsson-password-auth?
Next by thread: Re: Crypto agility in SCRAM + draft-josefsson-password-auth?
Index(es):
- Date
- Thread