To: Kent Crispin <kent@songbird.com>
CC: ietf-provreg@cafax.se, Eric Brunner-Williams in Portland Maine <brunner@nic-naa.net>
From: Andre Cormier <Andre.Cormier@viagenie.qc.ca>
Date: Wed, 14 Feb 2001 17:02:21 -0500
Sender: owner-ietf-provreg@cafax.se
Subject: Re: grrp-reqs-06, 3.2 Identification and Authentication [3]

Here's a proposition:

Let's change

    [3] The protocol or another layered protocol MUST provide services to negotiate an identification and authentication mechanism acceptable to both the server and the client.

To

    [3] The protocol or another layered protocol MUST provide services to negotiate an authentication mechanism acceptable to both the server and the client.

This was more like my original idea. I had no intention of negotiating identification at this point or any policies. I only wanted to make sure that the protocol will be able to handle more than one authentication/security mechanism (like SASL defines). This will ensure that those who need privacy (TLS) and strong authentication (Certificates) will be able to get it and those who need just plain text authentication will be able to get it too (as scary as it sounds ;-) ). SASL is very easy to implement and offers the greatest flexibility for security.

So, it has nothing to do with the content, just the session. Identification can be added as another object or whatever means fit.

André