To:
Kent Crispin <kent@songbird.com>
CC:
ietf-provreg@cafax.se, Eric Brunner-Williams in Portland Maine <brunner@nic-naa.net>
From:
Andre Cormier <Andre.Cormier@viagenie.qc.ca>
Date:
Wed, 14 Feb 2001 17:02:21 -0500
Sender:
owner-ietf-provreg@cafax.se
Subject:
Re: grrp-reqs-06, 3.2 Identification and Authentication [3]
Here's a proposition:
Lets change
[3] The protocol or another layered protocol MUST provide services to
negotiate an identification and authentication mechanism
acceptable to
both the server and the client.
To
[3] The protocol or another layered protocol MUST provide services to
negotiate an authentication mechanism acceptable to both the
server
and the client.
This was more like my original idea. I had no intention of negotiating
identification at this point or any policies. I only wanted to make sure
that the protocol will be able handle more than one
authentication/security mecanism (like SASL defines). This will ensure
that those who needs privacy(TLS) and strong
authentication(Certificates) will be able to get it and those who needs
just plain text authentication will be able to get it too (as scary as
it sounds ;-) ).
SASL is very easy to implement and offer the greatest flexibility for
security.
So, it has nothing to do with the content, just the session.
Identification can be added as an other object or wathever means that
fit.
André