Protocol Action: 'POP3 SASL Authentication Mechanism' to Proposed Standard
The IESG <iesg-secretary@ietf.org> Tue, 01 May 2007 19:56 UTC
Return-path: <ietf-announce-bounces@ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1HiyS8-00078b-NN; Tue, 01 May 2007 15:56:00 -0400
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1HiyS7-00078L-3C for ietf-announce@ietf.org; Tue, 01 May 2007 15:55:59 -0400
Received: from ns0.neustar.com ([156.154.16.158]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1HiyS5-0008Sa-0R for ietf-announce@ietf.org; Tue, 01 May 2007 15:55:59 -0400
Received: from stiedprstage1.ietf.org (stiedprstage1.va.neustar.com [10.31.47.10]) by ns0.neustar.com (Postfix) with ESMTP id F146332960; Tue, 1 May 2007 19:55:56 +0000 (GMT)
Received: from ietf by stiedprstage1.ietf.org with local (Exim 4.43) id 1HiyS4-0001uu-Sq; Tue, 01 May 2007 15:55:56 -0400
X-test-idtracker: no
From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
Message-Id: <E1HiyS4-0001uu-Sq@stiedprstage1.ietf.org>
Date: Tue, 01 May 2007 15:55:56 -0400
X-Spam-Score: -2.8 (--)
X-Scan-Signature: c3a18ef96977fc9bcc21a621cbf1174b
Cc: Internet Architecture Board <iab@iab.org>, RFC Editor <rfc-editor@rfc-editor.org>
Subject: Protocol Action: 'POP3 SASL Authentication Mechanism' to Proposed Standard
X-BeenThere: ietf-announce@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: ietf-announce.ietf.org
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/ietf-announce>, <mailto:ietf-announce-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:ietf-announce@ietf.org>
List-Help: <mailto:ietf-announce-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/ietf-announce>, <mailto:ietf-announce-request@ietf.org?subject=subscribe>
Errors-To: ietf-announce-bounces@ietf.org
The IESG has approved the following document: - 'POP3 SASL Authentication Mechanism ' <draft-siemborski-rfc1734bis-11.txt> as a Proposed Standard This document has been reviewed in the IETF but is not the product of an IETF Working Group. The IESG contact person is Lisa Dusseault. A URL of this Internet-Draft is: http://www.ietf.org/internet-drafts/draft-siemborski-rfc1734bis-11.txt Technical Summary This document is a revision of RFC 1734, which specifies the POP3 AUTH command, which allows a POP3 client to initiate a SASL authentication exchange with a POP3 server. Working Group Summary This document is not the result of a WG. Document Quality The document has been reviewed by Frank Ellermann, Alexey Melnikov, Arnt Gulbrandsen, and Philip Guenther. Lisa Dusseault is the responsible AD. Note to RFC Editor Abstract, second paragraph: Replace OLD: AUTH into a single document. To this end, this document obsoletes RFC 1734, replacing it as a Proposed Standard, and updates information contained in Section 6.3 of RFC 2449. With NEW: AUTH into a single document. To this end, this document obsoletes and replaces RFC 1734, and updates the information contained in Section 6.3 of RFC 2449. Section 4, penultimate and final paragraphs: Replace OLD: To ensure interoperability, client and server implementations of this extension MUST implement the PLAIN SASL mechanism, defined in [RFC4616]. A server implementation MUST implement a configuration in which it does NOT permit any plaintext password mechanisms, unless either the STLS command has been used to negotiate a TLS session (see [RFC2595]), or some other mechanism that protects the session from password snooping has been provided. Server sites SHOULD NOT use any configuration which permits a plaintext password mechanism without such a protection mechanism against password snooping. Client and server implementations SHOULD implement additional SASL mechanisms that do not send plaintext passwords, such as the [DIGEST-MD5] mechanism. With NEW: To ensure interoperability, client and server implementations of this extension MUST implement the PLAIN SASL mechanism [RFC4616] running over TLS [RFC2595]. A server implementation MUST implement a configuration in which it does NOT advertise or permit any plaintext password mechanisms, unless the STLS command has been used to negotiate a TLS session (see [RFC2595]). As described by RFC 4616, this configuration SHOULD be the default configuration. Before using a plaintext password mechanism over a TLS session, client implementations MUST verify the TLS server certificate as required by RFC 2595 section 2.4. Client and server implementations SHOULD implement additional SASL mechanisms that do not send plaintext passwords, such as the GSSAPI [RFC4752] mechanism. Section 12, final item: Replace OLD: [DIGEST-MD5] Melnikov, "Using Digest Authentication as a SASL Mechanism", draft-ietf-sasl-rfc2831bis-11.txt, Isode Ltd., November 2006 With NEW: [RFC4752] Melnikov, "The Kerberos V5 ("GSSAPI") Simple Authentication and Security Layer (SASL) Mechanism, RFC 4752, Isode Ltd., November 2006 _______________________________________________ IETF-Announce mailing list IETF-Announce@ietf.org https://www1.ietf.org/mailman/listinfo/ietf-announce