CRAM-MD5: syntax for challenge

Lyndon Nerenberg <lyndon@atg.aciworldwide.com> Mon, 03 December 2001 03:15 UTC

Message-Id: <200112030315.fB33FX5I031888@atg.aciworldwide.com>
To: ietf-sasl@imc.org
Subject: CRAM-MD5: syntax for challenge
X-URL: http://www.aciworldwide.com/
X-Notes-Item: Just say NO to Notes!
Organization: ACI Worldwide - Advanced Technology Group
Date: Sun, 02 Dec 2001 20:15:33 -0700
From: Lyndon Nerenberg <lyndon@atg.aciworldwide.com>

RFC2195 defines the challenge as having the syntax of a message-id,
and gives some guidance for building the contents. I don't think
the currently recommended scheme is as robust as it could be. Mobile
clients configured via DHCP tend to re-use hostnames and IP addresses;
this diminishes the uniqueness of the host part of the message-id. I'm
leaning towards taking out the recommendation, and instead saying the
contents of the challenge must be a random sequence of printable
characters. I would also like to impose a minimum length on the
challenge.

--lyndon
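
Added example, not part of the original message or of RFC 2195: a server that builds the challenge from a CSPRNG inside message-id syntax, enforces a minimum length, and accepts each challenge only once, alongside the RFC 2195 response computation. The 32-character floor, the host name `mail.example.org`, the alphanumeric alphabet and all function and class names are assumptions made for illustration.

```python
import hmac
import re
import secrets
import string

MIN_RANDOM_CHARS = 32             # assumed floor; the message names no number
HOST = "mail.example.org"         # placeholder server name
ALPHABET = string.ascii_letters + string.digits  # printable, safe inside <...>
CHALLENGE_RE = re.compile(r"<([A-Za-z0-9]+)@[A-Za-z0-9.-]+>")

def new_challenge(n=MIN_RANDOM_CHARS):
    """Challenge whose uniqueness comes from a CSPRNG, not pid/clock/hostname."""
    if n < MIN_RANDOM_CHARS:
        raise ValueError("challenge shorter than the minimum length")
    return "<%s@%s>" % ("".join(secrets.choice(ALPHABET) for _ in range(n)), HOST)

def acceptable(challenge):
    """Client-side check: message-id shape and enough random characters."""
    m = CHALLENGE_RE.fullmatch(challenge)
    return bool(m) and len(m.group(1)) >= MIN_RANDOM_CHARS

def cram_md5_response(user, secret, challenge):
    """RFC 2195 response: user name, space, hex HMAC-MD5 of the challenge."""
    mac = hmac.new(secret.encode(), challenge.encode(), "md5").hexdigest()
    return "%s %s" % (user, mac)

class Server:
    def __init__(self, users):
        self.users = users        # user name -> shared secret
        self.pending = set()      # challenges issued and not yet answered

    def issue(self):
        challenge = new_challenge()
        self.pending.add(challenge)
        return challenge

    def verify(self, challenge, response):
        if challenge not in self.pending:
            return False          # unknown or already used: replay is refused
        self.pending.discard(challenge)
        user, _, _ = response.rpartition(" ")
        if user not in self.users:
            return False
        expected = cram_md5_response(user, self.users[user], challenge)
        return hmac.compare_digest(expected.encode(), response.encode())
```

A response is only as fresh as its challenge: if two sessions ever receive the same challenge, a captured response from the first verifies in the second, which is why the random part and the single-use bookkeeping matter more than the host part.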