IETF SASL WG meeting Minutes
<BR>
==========================
<BR>

<BR>

<BR>
Tuesday 15 July 2003
<BR>
3:45pm
<BR>
chairs:    Sam Hartman &lt;hartmans@mit.edu&gt; Kurt Zeilenga &lt;kurt@openLDAP.org&gt;
<BR>
scribe: Luke Howard &lt;lukeh@padl.com&gt;
<BR>

<BR>

<BR>

<BR>
2222bis
<BR>
=======
<BR>

<BR>

<BR>
- Alexei Melnikov noted that he has published a subsequent revision of 2222bis; minor editorial issues remain
<BR>
- Clarification of empty authorization identities 
<BR>
- Alexei will do a final revision of the document in the first week of August after which it can go to last call
<BR>

<BR>

<BR>
saslprep
<BR>
========
<BR>

<BR>

<BR>
- Sam noted that current belief is that this will meet the needs of the Kerberos community
<BR>
- The saslprep document is to be revised to include informational mapping tables but is otherwise ready for last call.  New revision is expected shortly after the meeting and the last call will follow shortly after it is announced.
<BR>

<BR>

<BR>
DIGEST-MD5
<BR>
==========
<BR>

<BR>

<BR>
- DIGEST-MD5: Alexei noted that since the last revision he has made the following changes:
<BR>
- Clarifications regarding character sets and authorization vs authentication identities
<BR>
- reference to saslprep the last revision has been updated
<BR>
- Clarified RC4 cipher state is not reset between packets
<BR>
- merged AES cipher document with this one
<BR>
- no changes to solve the AES CBC mod attack:requested text be contributed once a solution is found. 
<BR>
- The working group decided that AES for digest-md5 will use random IVs rather than counter mode.  Counter mode is harder to implement correctly.
<BR>
- Questions from Sam regarding mandatory to implement ciphers: what should it be (if one is not already required)?
<BR>
- Sam believes there will be interest in making   RC4  mandatory to implement   because it is implemented now; there is no security reason to not do so that he was aware of
<BR>
- Kurt noted a question as to whether security layers were mandatory to implement; not wearing his chair hat he suggested that at least integrity should be mandatory, Alexei noted that many mail clients do authentication only
<BR>
- Chris Newman suggested that layers should not be mandatory because we already have TLS; suggest that vendors may remove support for DIGEST-MD5 entirely due to engineering cost of implementing layers Kurt suggested SHOULD implement integrity and that security considerations should note that you are subject to MITM without TLS or layers Noted that CRAM-MD5 is subject to the "evil server" attach which DIGEST-MD5 is not because there is a client nonce; also DIGEST-MD5 being compatible with HTTP digest has advantages. ie. there are sufficient advantages over CRAM-MD5 in spite of the lack of  layers being mandatory to implement Sam asked for consensus for deprecating both DES and triple DES. There were no objections, nor to taking them out of the document. Sam suggested that we note in the Security Considerations or Changes Since section as to why these were deprecated (preference for latter section)
<BR>

<BR>

<BR>
GSSAPI
<BR>
======
<BR>

<BR>

<BR>
- Sam noted draft was "eaten by the secretariat"
<BR>
- Plan is to move forward on it -- 00 to appear "soon"
<BR>

<BR>

<BR>
CRAM-MD5
<BR>
========
<BR>

<BR>

<BR>
- A version with saslprep references is available
<BR>

<BR>

<BR>
SASL Applicability Statement
<BR>
============================
<BR>

<BR>

<BR>
- Keith Burdis agreed to submit an SASL applicability statement as an  individual submission.  His document will include comparisons of the   various sasl mechanisms and their security properties. Sam agreed to   propose an outline for the document.  The working group will discuss   rechartering to include this document after the first revision.