[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Moving forward with CRAM-MD5

To: ietf-sasl@xxxxxxx
Subject: Moving forward with CRAM-MD5
From: Kurt Zeilenga <Kurt.Zeilenga@xxxxxxxxx>
Date: Fri, 13 Jun 2008 09:14:12 -0700
List-archive: <http://www.imc.org/ietf-sasl/mail-archive/>
List-id: <ietf-sasl.imc.org>
List-unsubscribe: <mailto:ietf-sasl-request@imc.org?body=unsubscribe>
Sender: owner-ietf-sasl@xxxxxxxxxxxx

First, the chairs apologize to the WG for the dropping the ball withregards to this work item, and to especially to Frank for notresponding to his comments to the last CRAM-MD5 WGLC (March 2007).

While the WG was chartered to produce a CRAM-MD5 suitable forprogression on the Standard Track, the WG has mostly taken a "documentcurrent practice" approach. Given this approach and the I-D itproduced, progression as Informational would be more appropriate.For instance, the choice of SHOULD use Unicode, SASLprep, UTF-8 forthe shared-secret than a MUST seems more appropriate for aInformational document documenting current practice than the StandardTrack trying to ensure interoperability between implementations of thespecification.

As I do not believe there is sufficient desire or energy to adequatelyaddress known problems, and a strong desire to publish this documentlargely "as is", I recommend the I-D's intended category be"Informational" (to be reflected in the I-Ds header). I also proposethe following statement be added to the bottom of the "Introduction"section (section 1):This document replaces RFC 2195. Furthermore, RFC 2195 is (onapproval of this I-D as an RFC) moved to Historic status.

I note that moving a specification off the standards track isappropriate when it has fallen into some disfavor. While use of CRAM-MD5 remains prevalent on the Internet, it seems unlikely that the IETFwould, if considered anew, standardize such at this time. The IETFnow seems to favor standardization of mechanisms which provide betterinternationalization and additional security features.

With regards to Frank's comments, I recall each being viewed, for onereason or another, as not requiring further changes to the I-D.However, because of the delay, and the lack of a specific response tohis comments, I would like to now give Frank and others theopportunity to raise any concerns they might have with regard to thisdocument. (The chairs shall, where appropriate, state whether anyraised issue is closed and why.) Hence, it is my intent to subjectthis I-D to another WG last call shortly after the revised I-D isannounced.


-- Kurt (as SASL WG co-chair)

Follow-Ups:
- Re: Moving forward with CRAM-MD5
  - From: Chris Newman

Prev by Date: Re:
Next by Date: Re: Moving forward with CRAM-MD5
Previous by thread: [no subject]
Next by thread: Re: Moving forward with CRAM-MD5
Index(es):
- Date
- Thread