[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Moving forward with CRAM-MD5

To: Kurt Zeilenga <Kurt.Zeilenga@xxxxxxxxx>, ietf-sasl@xxxxxxx
Subject: Re: Moving forward with CRAM-MD5
From: Chris Newman <Chris.Newman@xxxxxxx>
Date: Mon, 23 Jun 2008 23:37:00 -0700
In-reply-to: <F2234A29-383F-4BD8-BA1A-E939EE3FA363@xxxxxxxxx>
List-archive: <http://www.imc.org/ietf-sasl/mail-archive/>
List-id: <ietf-sasl.imc.org>
List-unsubscribe: <mailto:ietf-sasl-request@imc.org?body=unsubscribe>
References: <F2234A29-383F-4BD8-BA1A-E939EE3FA363@xxxxxxxxx>
Sender: owner-ietf-sasl@xxxxxxxxxxxx

At this point, I support any action which gets a CRAM-MD5 revisionpublished as long as it includes the appropriate parsing advice related tospaces in usernames.


		- Chris

--On June 13, 2008 9:14:12 -0700 Kurt Zeilenga <Kurt.Zeilenga@xxxxxxxxx>wrote:

First, the chairs apologize to the WG for the dropping the ball with
regards to this work item, and to especially to Frank for not responding
to his comments to the last CRAM-MD5 WGLC (March 2007).

While the WG was chartered to produce a CRAM-MD5 suitable for progression
on the Standard Track, the WG has mostly taken a "document current
practice" approach.  Given this approach and the I-D it produced,
progression as Informational would be more appropriate.   For instance,
the choice of SHOULD use Unicode, SASLprep, UTF-8 for the shared-secret
than a MUST seems more appropriate for a Informational document
documenting current practice than the Standard Track trying to ensure
interoperability between implementations of the specification.

As I do not believe there is sufficient desire or energy to adequately
address known problems, and a strong desire to publish this document
largely "as is", I recommend the I-D's intended category be
"Informational" (to be reflected in the I-Ds header).  I also propose the
following statement be added to the bottom of the "Introduction" section
(section 1):
   This document replaces RFC 2195.  Furthermore, RFC 2195 is (on
approval of this I-D as an RFC) moved to Historic status.

I note that moving a specification off the standards track is appropriate
when it has fallen into some disfavor.  While use of CRAM-MD5 remains
prevalent on the Internet, it seems unlikely that the IETF would, if
considered anew, standardize such at this time.  The IETF now seems to
favor standardization of mechanisms which provide better
internationalization and additional security features.

With regards to Frank's comments, I recall each being viewed, for one
reason or another, as not requiring further changes to the I-D.
However, because of the delay, and the lack of a specific response to his
comments, I would like to now give Frank and others the opportunity to
raise any concerns they might have with regard to this document.   (The
chairs shall, where appropriate, state whether any raised issue is closed
and why.)  Hence, it is my intent to subject this I-D to another WG last
call shortly after the revised I-D is announced.

References:
- Moving forward with CRAM-MD5
  - From: Kurt Zeilenga

Prev by Date: Moving forward with CRAM-MD5
Previous by thread: Moving forward with CRAM-MD5
Index(es):
- Date
- Thread