IETF Logo Mail Archive

Re: Further IESG feedback on draft-crispin-imapv-17.txt

"Jeffrey I. Schiller" <jis@mit.edu> Fri, 20 September 2002 17:28 UTC

Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g8KHSdl25532 for ietf-imapext-bks; Fri, 20 Sep 2002 10:28:39 -0700 (PDT)
Received: from jis.mit.edu (JIS.MIT.EDU [18.7.21.84]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g8KHSck25524 for <ietf-imapext@imc.org>; Fri, 20 Sep 2002 10:28:38 -0700 (PDT)
Received: from jis.tzo.com (localhost [127.0.0.1]) by jis.mit.edu (8.9.2/8.9.3) with ESMTP id NAA22385; Fri, 20 Sep 2002 13:28:21 -0400 (EDT)
Received: from mit.edu (jis.tzo.com [127.0.0.1]) by jis.tzo.com (8.12.3/8.12.3) with ESMTP id g8KHS8lt002664; Fri, 20 Sep 2002 13:28:08 -0400
Message-ID: <3D8B5AA8.5010409@mit.edu>
Date: Fri, 20 Sep 2002 13:28:08 -0400
From: "Jeffrey I. Schiller" <jis@mit.edu>
Organization: Massachusetts Institute of Technology
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0.0) Gecko/20020607
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: Mark Crispin <MRC@cac.washington.edu>
CC: Larry Osterman <larryo@exchange.MICROSOFT.com>, ned.freed@mrochek.com, IMAP Mailing Liste <imap@u.washington.edu>, IMAP Extensions WG <ietf-imapext@imc.org>, paf@cisco.com
Subject: Re: Further IESG feedback on draft-crispin-imapv-17.txt
References: <MailManager.1032460991.220.mrc@Ikkoku-Kan.Panda.COM>
Content-Type: text/plain; charset="us-ascii"; format="flowed"
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-imapext@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-imapext/mail-archive/>
List-ID: <ietf-imapext.imc.org>
List-Unsubscribe: <mailto:ietf-imapext-request@imc.org?body=unsubscribe>

I can live with Mark's proposed paragraph.

			-Jeff

Mark Crispin wrote:
> I share Larry's concern.
> 
> We agree with the IESG that this requirement should be "mandatory to
> implement".  What makes it untenable for us is the implication that an
> implementation which does not enforce "mandatory to deploy" is non-compliant.
> 
> Server implementors are not in a position to enforce "mandatory to deploy",
> and there are legitimate reasons why a site may choose to deploy unprotected
> plaintext authentication.
> 
> Note the following text in RFC 2595:
>    [...]  The PLAIN SASL mechanism
>    MUST NOT be advertised or used unless a strong encryption layer (such
>    as the provided by TLS) is active or backwards compatibility dictates
>    otherwise.
> 
> IESG approved this as standards-track for a new protocol (the PLAIN SASL
> mechanism) which did not have any standards-track legacy to consider.  IMAP,
> on the other hand, has a standards-track legacy and furthermore a production
> installed base dating from 1985.
> 
> This is, to put it mildly, inconsistent.
> 
> Is the following compromise be acceptable to the IESG?
> 
> Note: a server implementation MUST implement a configuration in which
>       it does NOT permit any plaintext password mechanisms unless the
>       STARTTLS command described in [IMAP-TLS] has been negotiated or
>       some other mechanism that protects the session from password
>       snooping has been provided.  Server sites SHOULD NOT use any
>       configuration which permits a plaintext password mechanism without
>       a protection mechanism against password snooping.  Client and
>       server implementations SHOULD implement additional SASL mechanisms
>       which do not use plaintext passwords, such the GSSAPI mechanism
>       described in [SASL] and/or the [DIGEST-MD5] mechanism.
> 
> This clearly puts the vendor off the hook if it has implemented the correct
> mode, even if the site chooses to use the incorrect mode.
>

v2.23.0 | Report a Bug | By Email