[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Protocol Action: 'The PLAIN SASL Mechanism' to Proposed Standard

To: IETF-Announce <ietf-announce at ietf.org>
Subject: Protocol Action: 'The PLAIN SASL Mechanism' to Proposed Standard
From: The IESG <iesg-secretary at ietf.org>
Date: Wed, 28 Jun 2006 17:18:24 -0400
Cc: sasl chair <kurt at openLDAP.org>, Internet Architecture Board <iab at iab.org>, sasl mailing list <ietf-sasl at imc.org>, sasl chair <tlyu at mit.edu>, RFC Editor <rfc-editor at rfc-editor.org>
List-help: <mailto:ietf-announce-request@ietf.org?subject=help>
List-id: ietf-announce.ietf.org
List-post: <mailto:ietf-announce@ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/ietf-announce>, <mailto:ietf-announce-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/ietf-announce>, <mailto:ietf-announce-request@ietf.org?subject=unsubscribe>

The IESG has approved the following document:

- 'The PLAIN SASL Mechanism '
   <draft-ietf-sasl-plain-09.txt> as a Proposed Standard

This document is the product of the Simple Authentication and Security Layer 
Working Group. 

The IESG contact persons are Sam Hartman and Russ Housley.

A URL of this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-sasl-plain-09.txt

Technical Summary
 

 This document defines a simple clear-text user/password Simple
 Authentication and Security Layer (SASL) mechanism called the PLAIN
 mechanism.  The PLAIN mechanism is intended to be used, in combination
 with data confidentiality services provided by a lower layer, in
 protocols which lack a simple password authentication command. This document
updates RFC 2595.
 
Working Group Summary
 
 The working group came to rough consensus on this document.  There
 was some debate about how stringprep's desire to avoid comparison of
 two strings both involving unassigned codepoints interacts with
 situations where one string is transported by an IETF-controlled
 protocol like this mechanism and the other string is the providence of
 an implementation-specific protocol with broader applicability than
 this specification.

 
Protocol Quality
 
 This specification has been reviewed by Sam Hartman for the IESG.

RFC Editor Note
 
  In section 1

old:
  Clear-text, multiple-use passwords are simple, interoperate with
  almost all existing operating system authentication databases, and are
  useful for a smooth transition to a more secure password-based
  authentication mechanism. The drawback is that they are unacceptable
  for use over network connection where data confidentiality is not
  assured (by encryption or other means).

  new (removing parenthetical):

  Clear-text, multiple-use passwords are simple, interoperate with
  almost all existing operating system authentication databases, and are
  useful for a smooth transition to a more secure password-based
  authentication mechanism. The drawback is that they are unacceptable
  for use over network connection where data confidentiality is not
  assured.


_______________________________________________
IETF-Announce mailing list
IETF-Announce at ietf.org
https://www1.ietf.org/mailman/listinfo/ietf-announce

Prev by Date: WG Action: RECHARTER: Transport Area Working Group (tsvwg)
Next by Date: 66th IETF - Early Bird Registration
Previous by thread: WG Action: RECHARTER: Transport Area Working Group (tsvwg)
Next by thread: 66th IETF - Early Bird Registration
Index(es):
- Date
- Thread