[saag] IETF74 SASL summary

Tom Yu <tlyu@MIT.EDU> Thu, 26 March 2009 16:33 UTC

Simple Authentication And Security Layer (SASL)
IETF74, San Francisco, CA

Tuesday, March 24, 2009 at 0900-1130
====================================

Chairs:

Tom Yu <tlyu@mit.edu>
Kurt Zeilenga <kurt.zeilenga@isode.com>

Scribe: Cyrus Daboo

====================

* draft-melnikov-sasl-scram-ldap-01
* draft-newman-auth-scram-11 - near consensus
* draft-newman-auth-scram-gs2-01 - fold into SCRAM
* draft-ietf-sasl-4422bis-00 - needs refresh
* draft-ietf-sasl-crammd5-10 - expired; consensus call in-progress
* draft-ietf-sasl-digest-to-historic-00 - needs refresh; to IESG with SCRAM
* draft-ietf-sasl-gs2-11 - near consensus
* draft-zeilenga-sasl-crammd5-00 - 

SCRAM - PBKDF2 iteration count: Pasi suggests using largest count that
allows an acceptable user experience.

SCRAM - open question on including "service name" URI to avoid a "bad"
server proxying to a "good" server and thus gaining access to the
"good" server as the user.  No clear consensus.

New GS2 approach, very text-oriented.  Considered acceptable for
SCRAM.  Distinguish channel-binding vs not by using a suffix on
mechanism name.

GS2, SCRAM edits done by end of month.

CRAM-MD5 - ongoing consensus call.  So far, general agreement about
abandoning work, etc. as in Tom's statements in the consensus call,
except for the adoption of SCRAM as the replacement for CRAM-MD5.

Milestones:

Mar 09 GS2 WGLC
Mar 09 SCRAM WGLC
Apr 09 decide CRAM-MD5 approach
Jun 09 4422bis I-D and implementation report
Oct 09 4422bis WGLC
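The PBKDF2 iteration-count point raised under SCRAM above, in working code (an added example, not from these minutes or any SCRAM draft): SCRAM's Hi() written out as the draft defines it and checked against the standard library's PBKDF2, the derived ClientKey/StoredKey/ServerKey, and a calibration loop that picks the largest iteration count that stays under a latency budget. The password, salt and the 4096 floor are constructed or assumed values; SASLprep normalization of the password is omitted.

```python
import hashlib
import hmac
import time


def hi(password: bytes, salt: bytes, iterations: int) -> bytes:
    """SCRAM's Hi(): PBKDF2 with HMAC-SHA-1 and a 20-byte output, written out
    as the draft defines it: U1 = HMAC(str, salt || INT(1)), Ui = HMAC(str, Ui-1),
    Hi = U1 XOR U2 XOR ... XOR Ui."""
    u = hmac.new(password, salt + b"\x00\x00\x00\x01", hashlib.sha1).digest()
    result = bytearray(u)
    for _ in range(iterations - 1):
        u = hmac.new(password, u, hashlib.sha1).digest()
        result = bytearray(a ^ b for a, b in zip(result, u))
    return bytes(result)


def hi_matches_stdlib(password: bytes, salt: bytes, iterations: int) -> bool:
    """Cross-check the hand-written Hi() against hashlib's PBKDF2-HMAC-SHA-1."""
    return hi(password, salt, iterations) == hashlib.pbkdf2_hmac(
        "sha1", password, salt, iterations, 20)


def scram_keys(password: bytes, salt: bytes, iterations: int) -> dict:
    """Derive the per-user values a SCRAM server stores (StoredKey, ServerKey,
    salt, iteration count); SaltedPassword itself is never stored."""
    salted = hi(password, salt, iterations)
    client_key = hmac.new(salted, b"Client Key", hashlib.sha1).digest()
    server_key = hmac.new(salted, b"Server Key", hashlib.sha1).digest()
    stored_key = hashlib.sha1(client_key).digest()
    return {"salted_password": salted, "client_key": client_key,
            "stored_key": stored_key, "server_key": server_key}


def calibrate_iterations(budget_seconds: float, floor: int = 4096,
                         ceiling: int = 2 ** 20) -> int:
    """Largest power-of-two iteration count whose PBKDF2 run on this host stays
    within budget_seconds, never below the floor (4096 is the minimum the
    SCRAM specification recommends; the ceiling is an assumed sanity bound)."""
    count = floor
    while count * 2 <= ceiling:
        start = time.perf_counter()
        hashlib.pbkdf2_hmac("sha1", b"calibration", b"salt", count * 2, 20)
        if time.perf_counter() - start > budget_seconds:
            break
        count *= 2
    return count


if __name__ == "__main__":
    # Constructed sample values; a real deployment uses a random per-user salt.
    keys = scram_keys(b"pencil", b"QSXCR+Q6sek8bf92", 4096)
    print("StoredKey:", keys["stored_key"].hex())
    print("Iterations within a 100 ms budget on this host:", calibrate_iterations(0.1))
```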