Simple Authentication And Security Layer (SASL)
IETF71, Philadelphia, PA
Tuesday, March 11, 2008 at 13:00-15:00
======================================

Chairs:
Tom Yu
Kurt Zeilenga

Jabber logs:
http://jabber.ietf.org/logs/sasl/2008-03-11.txt

Audio logs:
http://limestone.uoregon.edu/ftp/pub/videolab/media/ietf71/ietf71-ch7-tue-noon-sasl.mp3
ftp://limestone.uoregon.edu/ftp/pub/videolab/media/ietf71/ietf71-ch7-tue-noon-sasl.mp3

Agenda slides:
http://www3.ietf.org/proceedings/08mar/slides/sasl-0.pdf

====================

Thanks to Cyrus Daboo for scribing.

Our new AD will be Pasi Eronen.

- draft-ietf-sasl-crammd5-09 (expired)
- draft-ietf-sasl-gs2-09 some issues remaining
- draft-ietf-sasl-rfc2831bis-12 (to historic)
- draft-josefsson-password-auth-00 (expired)
- draft-melnikov-digest-to-historic-00 WGLC done
- draft-newman-auth-scram-05 more later
- draft-zeilenga-sasl-yap-02 independent submission

IESG discussion on recharter proposal results in a desire to have
additional details on the requirements for the DIGEST-MD5 successor.
Some text was proposed on mailing list (Chris Newman and others); we
will work on a shorter summary for the actual charter text and send
the longer version for additional explanation to the IESG if needed.

Is SCRAM what we have consensus on for the DIGEST-MD5 successor? We
want to make sure that the WG has fairly evaluated all the proposals
presented to us. Does Simon Josefsson want to continue with his
proposal? Simon primarily wants to write a password-based GSS-API
mechanism. It might also become a SASL GS2 mechanism. Chris Newman
believes GS2 is too complicated for a simple password-based mechanism.
Sam wants people who object to GS2 to raise real technical objections.
Chris as an implementor does not want to get mixed up with GSS-API
stacks. He could live with binary goo, but ASN.1 is bad. Eventually
Simon Josefsson, Chris Newman, and Alexey Melnikov agree to merge
Simon's doc with SCRAM. They will also produce a comparison of Simon's
doc and SCRAM.

Block digest-to-historic behind SCRAM? Various strategies proposed,
including putting a normative reference to SCRAM. We decide that we
will ask Pasi what works best for him in terms of document workflow.
Tangential discussion about moving http-digest to historic; conclude
that the question is not for this working group to decide.

Block GS2 behind SCRAM? Simon wants to wait until it's in the RFC
Editor queue. Alexey would rather have at least one additional GS2
mech prior to implementing GS2. We want to avoid yet another
previously-general mechanism family that only supports
GSS-API/Kerberos. Postpone decision until IETF72 (Dublin).

Frank Ellerman made a WGLC comment on digest-to-historic, detailing
the http-digest incompatibility with DIGEST-MD5. How much of this
comment, if any, will we incorporate into digest-to-historic? Alexey
will respond to Frank's comment re digest-to-historic by the end of
the week.

Kurt to coordinate interop testing in Dublin.

ACTION ITEMS:

Alexey will respond to Frank's comment on digest-to-historic by the
end of the week.

Simon, Alexey, Chris will produce a merged document for DIGEST-MD5
successor by May 1st, including a comparison of Simon's mech and
SCRAM.