Re: [ldapext] draft-stroeder-hashed-userpassword-values-01

Michael Ströder <michael@stroeder.com> Thu, 14 March 2013 01:23 UTC


Andrew Findlay wrote:
> On Wed, Mar 13, 2013 at 11:39:28PM +0100, Michael Ströder wrote:
> 
>>> I see this document is marked as being intended to be published as
>>> Informational, but it reads more like it's trying to be a standard.
>>
>> I tried to add some wording to avoid that misunderstanding in the next
>> revision of this draft:
>>
>> http://www.ietf.org/internet-drafts/draft-stroeder-hashed-userpassword-values-01.txt
> 
> Still -01 ?

Not "still" -01. Now -01.

> You are explicitly excluding details of '{crypt}'. I think this is a
> mistake, especially in an informational document. {crypt} is
> extremely useful in transition scenarios, so people need to know about
> it.

Hmm... I expected somebody to ask for it. :-/
It makes the spec part more complex.

> What platform-specific variants do you know of?

Well, looking at the crypt(3) man page, it seems to me that there are many variants
of the library on various Unix platforms. This is what I meant by
"platform-specific".

> The really important one is the old Unix-crypt 13-char salted hash.
> 
> Could you perhaps say something like:
> 
> {crypt} introduces a password-hash string that is generated and
> checked by the crypt(3) library. This could be the traditional
> 13-character 'Unix crypt' or some other variant such as the stronger
> '$1$' and '$6$' schemes used by recent versions of Linux.

I've added some text hopefully getting {CRYPT} stuff complete. Yuck!

Ciao, Michael.
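As an added illustration of the {crypt} variants discussed above (example code, not from the draft or from either poster), the script below parses userPassword values from an LDIF export, tells the traditional 13-character Unix crypt string apart from the modular '$1$'/'$5$'/'$6$' forms, and flags the entries a migration still has to replace; the DNs, the hash bodies, the case-insensitive scheme matching and the treatment of '$1$' as transition-only are assumptions made for the example.

```python
import base64
import re

SCHEME_RE = re.compile(r"^\{([A-Za-z0-9-]+)\}(.*)$", re.DOTALL)  # "{SCHEME}value"
TRADITIONAL_RE = re.compile(r"^[./0-9A-Za-z]{13}$")  # 2 salt chars + 11 hash chars
MODULAR_RE = re.compile(r"^\$([0-9a-z]+)\$(?:rounds=(\d+)\$)?([^$]+)\$([^$]+)$")  # $id$[rounds=N$]salt$hash
MODULAR_IDS = {"1": "md5-crypt", "5": "sha256-crypt", "6": "sha512-crypt"}

def classify_crypt(value: str) -> dict:
    """Identify which crypt(3) variant produced the string stored after {CRYPT}."""
    if TRADITIONAL_RE.match(value):
        return {"variant": "traditional-des", "salt": value[:2], "legacy": True}
    m = MODULAR_RE.match(value)
    if m:
        ident, rounds, salt, _digest = m.groups()  # assumption: $1$ counts as legacy too
        return {"variant": MODULAR_IDS.get(ident, "modular-$" + ident + "$"), "salt": salt,
                "rounds": int(rounds) if rounds else None, "legacy": ident == "1"}
    return {"variant": "unknown", "salt": None, "legacy": True}

def classify_value(raw: str) -> dict:
    """Split "{SCHEME}value" (scheme matched case-insensitively); no prefix means cleartext."""
    m = SCHEME_RE.match(raw)
    if not m:
        return {"scheme": None, "variant": "cleartext", "legacy": True}
    scheme, rest = m.group(1).upper(), m.group(2)
    if scheme == "CRYPT":
        return {"scheme": scheme, **classify_crypt(rest)}
    return {"scheme": scheme, "variant": scheme.lower(), "legacy": False}

def audit_userpassword(ldif: str) -> list:
    """Report scheme and crypt variant for every userPassword in an LDIF dump."""
    findings, dn = [], None
    for line in ldif.splitlines():
        if line.startswith("dn: "):
            dn = line[4:]
        elif line.startswith("userPassword:"):
            is_b64 = line.startswith("userPassword:: ")  # "::" marks a base64 value (RFC 2849)
            raw = line.split(":: " if is_b64 else ": ", 1)[1]
            findings.append({"dn": dn, **classify_value(
                base64.b64decode(raw).decode() if is_b64 else raw)})
    return findings

# Constructed sample export; the hash bodies are placeholders, not real digests.
SAMPLE_LDIF = (
    "dn: uid=legacy,dc=example,dc=com\nuserPassword: {crypt}abJnggxhB/yWI\n\n"
    "dn: uid=modern,dc=example,dc=com\nuserPassword:: "
    + base64.b64encode(b"{CRYPT}$6$rounds=5000$saltsalt$abcDEF123").decode()
    + "\n\ndn: uid=md5,dc=example,dc=com\nuserPassword: {CRYPT}$1$abcdefgh$XYZ\n\n"
    "dn: uid=ssha,dc=example,dc=com\nuserPassword: {SSHA}placeholder==\n"
)
```

Running `audit_userpassword(SAMPLE_LDIF)` lists each entry's scheme and variant; filtering on `legacy` gives the DNs still carrying the traditional or '$1$' hashes.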