The SASL working group met for one hour Tuesday.  


As part of successful SASL authentication, you can set up a channel
security layer.  If you later have another successful authentication,
the security layer remains in place even if the new SASL mechanism
does not negotiate a security layer.  The There was some concern that
this might create problems for distributed server implementations
where two components trust each other, but do not trust a third
component.  The rough consensus of the working group was not to make
this change.



we had significant discussion of issues surrounding our stringprep
profile saslprep.  First, we discussed whether we wanted to map all
full stop characters to the ASCII full stop character.  We also
discussed whether we would allow private use characters.  The working
group failed to reach consensus on these issues at the session.



We had a presentation on implementation problems with SMTP
authentication.  We expect to be making various changes in our
specifications to make them more clear.  The incorrect behavior is
already a violation of the existing specs but there is a desire to add
better examples.


Alexey Melnikov has agreed to edit the GSSAPI mechanism draft because
the previous editor has not had time to edit the document.  We expect
an initial submission shortly after this meeting.


The chairs will get new milestones to the ADs shortly after the
meeting.  We hope to be done with base, saslprep, plain and anonymous
by the end of the year.