[Standards] [Fwd: I-D Action:draft-melnikov-digest-to-historic-00.txt]

Ian Paterson ian.paterson at clientside.co.uk
Wed Sep 12 18:38:22 UTC 2007


Greg Hudson wrote:
> On Tue, 2007-09-11 at 19:51 +0100, Dave Cridland wrote:
>
>> If I ruled the world, I'd mandate TLS+SCRAM, and have a SHOULD for
>> TLS+YAP (the latter being plaintext-equiv on the server, but only a
>> single round-trip, so great for mobiles).
>
> You may be missing the most popular reason for sending plain-text
> passwords to the server (over TLS, one hopes): it's the only way for the
> server to check the password against an external verifier such as an
> LDAP server, AD controller, or Kerberos KDC.  (GSSAPI krb5 auth is much
> better if you have an AD controller or Kerberos KDC, of course, but I
> don't hold out much hope for that being universally implemented in
> clients.)

I think Dave is well aware of that benefit. :-)

I agree that servers that support external verification should implement 
SASL PLAIN. However, SASL PLAIN's support for external verification 
comes at a very significant security cost (since some servers *will* be 
compromised). IMHO, the spec should not sacrifice the security of users 
of servers that could employ "internal" verification (by requiring 
support only for SASL PLAIN).

How do people feel about the following rules:

1. Clients and servers MUST implement both DIGEST-MD5 and SASL PLAIN.
2. Each server installation MUST include either (but not both) 
DIGEST-MD5 (when inner hash verification is available) or SASL PLAIN 
(when only external verification is available) in the list of mechanisms 
it offers clients.

- Ian
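Added example (editor's illustration, not part of Ian's or anyone's post in this thread) showing the difference the message turns on: with SASL PLAIN the server receives the password itself, which is what allows a bind against an external verifier; with DIGEST-MD5 (RFC 2831, qop=auth, no authzid) the server keeps only the "inner hash" H(username:realm:password) and both the response and the rspauth are recomputed from that, so the password never reaches the server. Every username, realm, nonce, URI and password below is constructed for the demonstration.

```python
# Added example (not from the original post): SASL PLAIN next to DIGEST-MD5
# as the server sees them. Names, realm, nonces and passwords are constructed.
import hashlib
import hmac


def md5_raw(data: bytes) -> bytes:
    return hashlib.md5(data).digest()


def md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()


# --- SASL PLAIN (RFC 4616): the server receives the password itself ----------

def plain_message(authzid: str, authcid: str, password: str) -> bytes:
    """Client message: [authzid] NUL authcid NUL passwd."""
    return f"{authzid}\0{authcid}\0{password}".encode("utf-8")


def plain_server_decode(message: bytes) -> tuple:
    """Server-side parse. The password comes back in the clear; that is what
    lets the server hand it to an external verifier (LDAP bind, KDC), and also
    what a compromised server would expose."""
    authzid, authcid, password = message.decode("utf-8").split("\0")
    return authzid, authcid, password


# --- DIGEST-MD5 (RFC 2831, qop=auth, no authzid) -----------------------------

def inner_hash(username: str, realm: str, password: str) -> bytes:
    """What the server stores instead of the password: H(username:realm:passwd),
    the "inner hash" verification referred to in the thread."""
    return md5_raw(f"{username}:{realm}:{password}".encode("utf-8"))


def digest_kd(ih: bytes, nonce: str, cnonce: str, nc: str, qop: str,
              digest_uri: str, a2_prefix: str) -> str:
    """HEX(KD(HEX(H(A1)), nonce:nc:cnonce:qop:HEX(H(A2)))) per RFC 2831.
    A1 = inner_hash ':' nonce ':' cnonce; A2 = a2_prefix ':' digest-uri
    (a2_prefix is "AUTHENTICATE" for the client response, "" for rspauth)."""
    ha1 = md5_hex(ih + f":{nonce}:{cnonce}".encode("utf-8"))
    ha2 = md5_hex(f"{a2_prefix}:{digest_uri}".encode("utf-8"))
    return md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}".encode("utf-8"))


def client_response(username, realm, password, nonce, cnonce, digest_uri,
                    nc="00000001", qop="auth") -> str:
    # The client is the only party that ever holds the password.
    return digest_kd(inner_hash(username, realm, password), nonce, cnonce,
                     nc, qop, digest_uri, "AUTHENTICATE")


def server_verify(stored_ih, nonce, cnonce, nc, qop, digest_uri, response) -> bool:
    # The server recomputes from the stored inner hash only (constant-time compare).
    expected = digest_kd(stored_ih, nonce, cnonce, nc, qop, digest_uri, "AUTHENTICATE")
    return hmac.compare_digest(expected, response)


def server_rspauth(stored_ih, nonce, cnonce, nc, qop, digest_uri) -> str:
    # Mutual authentication: shows the client that the server holds the verifier.
    return digest_kd(stored_ih, nonce, cnonce, nc, qop, digest_uri, "")


def run_digest_exchange(password_tried: str) -> dict:
    """One challenge/response round with constructed values; returns what the
    server decided and what actually crossed the wire."""
    username, realm, real_password = "alice", "example.com", "correct horse battery"
    nonce, cnonce, uri = "srv-nonce-7f3a", "cli-nonce-91c2", "xmpp/example.com"
    nc, qop = "00000001", "auth"
    server_store = {username: inner_hash(username, realm, real_password)}

    challenge = f'realm="{realm}",nonce="{nonce}",qop="{qop}",charset=utf-8,algorithm=md5-sess'
    resp = client_response(username, realm, password_tried, nonce, cnonce, uri, nc, qop)
    response_msg = (f'username="{username}",realm="{realm}",nonce="{nonce}",cnonce="{cnonce}",'
                    f'nc={nc},qop={qop},digest-uri="{uri}",response={resp},charset=utf-8')
    accepted = server_verify(server_store[username], nonce, cnonce, nc, qop, uri, resp)
    rspauth = server_rspauth(server_store[username], nonce, cnonce, nc, qop, uri) if accepted else None
    wire = challenge + "\n" + response_msg + (f"\nrspauth={rspauth}" if rspauth else "")
    return {"accepted": accepted, "rspauth": rspauth, "wire": wire,
            "password_on_wire": real_password in wire}


if __name__ == "__main__":
    good = run_digest_exchange("correct horse battery")
    bad = run_digest_exchange("wrong password")
    print("DIGEST-MD5 accepted good:", good["accepted"], "bad:", bad["accepted"])
    print("password visible on wire:", good["password_on_wire"])
    print("PLAIN server sees:", plain_server_decode(plain_message("", "alice", "correct horse battery")))
```

Two caveats a deployer would want alongside the thread's proposal: the stored inner hash is still a credential for that username and realm (anyone who obtains it can complete the exchange as that user), so the server-side store needs the same protection as a password database; and in PLAIN the server can forward the password to LDAP or a KDC only because it has it, which is exactly why a compromised PLAIN-only server exposes every password that passes through it.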
