IETF Logo Mail Archive

Re: Further IESG feedback on draft-crispin-imapv-17.txt

Steve Hole <steve.hole@messagingdirect.com> Fri, 20 September 2002 14:58 UTC

Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g8KEwgu15674 for ietf-imapext-bks; Fri, 20 Sep 2002 07:58:42 -0700 (PDT)
Received: from rembrandt.esys.ca (IDENT:root@rembrandt.esys.ca [198.161.92.131]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g8KEwek15669 for <ietf-imapext@imc.org>; Fri, 20 Sep 2002 07:58:41 -0700 (PDT)
Received: from kepler.esys.ca (kepler.esys.ca [198.161.92.108]) (authenticated) by rembrandt.esys.ca (8.11.0.Beta0/8.11.0.Beta0) with ESMTP id g8KF0bs30915; Fri, 20 Sep 2002 09:00:37 -0600
From: Steve Hole <steve.hole@messagingdirect.com>
Date: Fri, 20 Sep 2002 08:58:29 -0700
To: ned.freed@mrochek.com
Subject: Re: Further IESG feedback on draft-crispin-imapv-17.txt
Cc: IMAP Mailing Liste <imap@u.washington.edu>, IMAP Extensions WG <ietf-imapext@imc.org>, paf@cisco.com, jis@mit.edu
In-Reply-To: <01KMOKNGXORY00628S@mauve.mrochek.com>
References: <01KMOKNGXORY00628S@mauve.mrochek.com>
Message-ID: <EXECMAIL.20020920085829.A711@kepler.esys.ca>
X-Mailer: Execmail for Linux Phoenix a1 Build (5)
MIME-Version: 1.0
Content-Type: Text/Plain; charset="iso-8859-1"
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by above.proper.com id g8KEwfk15670
Sender: owner-ietf-imapext@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-imapext/mail-archive/>
List-ID: <ietf-imapext.imc.org>
List-Unsubscribe: <mailto:ietf-imapext-request@imc.org?body=unsubscribe>

On Thu, 19 Sep 2002 10:34:10 -0700 (PDT) ned.freed@mrochek.com wrote:

> The IESG would like to push back even harder on the use of plain text
> passwords, and would like to see this changed to read:
> 
> Note: a server implementation MUST NOT permit any
>       plaintext password mechanisms unless the STARTTLS
>       command described in [IMAP-TLS] has been negotiated or some 
>       other mechanism that protects the session from password
>       snooping has been provided. Client and server implementations
>       SHOULD implement additional SASL mechanisms which do not use
>       plaintext passwords, such the GSSAPI mechanism described in
>       [SASL] and/or the [DIGEST-MD5] mechanism.
> 
> The reason the IESG would like to see this change made  should be obvious, but
> in case it is not: The IESG wants to mandate the use of mechanisms that insure
> password snooping isn't possible but recognizes that there are many ways to do
> this besides TLS: SSH, VPNs, physical network security, etc.
> 
> How do people feel about making this change?

Well, I think that it is a good idea in theory, but simply not practical 
at this point in time.   By making this change you will force all 
existing implementations into instant non-compliance, which means that 
they will simply continue to reference rfc2060 rather than the new RFC.

It's a difficult thing isn't it.   The problem is the weight of the 
formerly mandatory to implement LOGIN command and the pervasive use of 
LOGIN in all products.  As is usually the case, the servers aren't the 
problem here, it is the deployed base of clients.   I don't think there is
any practical way of forcing an IMAP server to turn off LOGIN in any kind 
of open environment (University for example).  The best servers will be 
able to do is to provide an "enforce no clear passwords" configuration 
switch that they can enable in the presence of a known set of compliant 
clients (closed enterprise).   The SHOULD wording supports that kind of 
evolutionary deployment model.

I would stay with the SHOULD wording for now.

Cheers.
---
Steve Hole
Chief Technology Officer - Billing and Payment Systems
ACI Worldwide
<mailto:holes@ACIWorldwide.com>
Phone: 780-424-4922

v2.23.0 | Report a Bug | By Email