Re: CRAM-MD5: syntax for challenge
Cyrus Daboo <daboo@cyrusoft.com> Mon, 03 December 2001 16:01 UTC
Date: Mon, 03 Dec 2001 11:01:26 -0500
From: Cyrus Daboo <daboo@cyrusoft.com>
To: Lyndon Nerenberg <lyndon@atg.aciworldwide.com>, ietf-sasl@imc.org
Subject: Re: CRAM-MD5: syntax for challenge
Message-ID: <2147483647.1007377286@socrates.cyrusoft.com>
In-Reply-To: <200112030315.fB33FX5I031888@atg.aciworldwide.com>
References: <200112030315.fB33FX5I031888@atg.aciworldwide.com>
List-Archive: <http://www.imc.org/ietf-sasl/mail-archive/>
List-ID: <ietf-sasl.imc.org>
--On Sunday, December 2, 2001 8:15 PM -0700 Lyndon Nerenberg <lyndon@atg.aciworldwide.com> wrote:

> RFC2195 defines the challenge as having the syntax of a message-id,
> and gives some guidance for building the contents. I don't think
> the currently recommended scheme is as robust as it could be. Mobile
> clients configured via DHCP tend to re-use hostnames and IP addresses;
> this diminishes the uniqueness of the host part of the message-id. I'm
> leaning towards taking out the recommendation, and instead say the
> contents of the challenge must be a random sequence of printable
> characters. I would also like to impose a minimum length on the
> challenge.

The challenge is sent (and thus generated) by the server, so I don't see why the 'DHCP-ness' of the client is an issue. Certainly if the server does not have a unique hostname you may have an issue. Say the server is behind a firewall with NAT, then you might have [10.0.1.1] as part of the challenge. Is that what you are concerned with?

-- 
Cyrus Daboo
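
The two challenge styles discussed in this message, as an added example that is not part of the original post: a message-id style challenge built from a counter, a timestamp and a non-unique host literal, beside a random printable challenge with a minimum length. The function names, the alphabet, the 32-character minimum and the sample pid, timestamp and secret are assumptions made for illustration; the thread names no specific length.

```python
import hashlib
import hmac
import secrets
import string

# Assumed values: the thread proposes a minimum length but names no number.
MIN_CHALLENGE_LEN = 32
ALPHABET = string.ascii_letters + string.digits + "+/._-"  # printable, no spaces


def msgid_challenge(pid: int, timestamp: int, host: str) -> str:
    """Message-id style challenge: <digits.timestamp@host>."""
    return f"<{pid}.{timestamp}@{host}>"


def random_challenge(length: int = MIN_CHALLENGE_LEN) -> str:
    """Challenge as proposed in the quoted text: random printable characters."""
    if length < MIN_CHALLENGE_LEN:
        raise ValueError(f"challenge shorter than {MIN_CHALLENGE_LEN} characters")
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def cram_md5_response(user: str, secret: bytes, challenge: str) -> str:
    """Client response: user name, a space, hex HMAC-MD5(secret, challenge)."""
    digest = hmac.new(secret, challenge.encode("ascii"), hashlib.md5).hexdigest()
    return f"{user} {digest}"


def demo() -> dict:
    secret = b"constructed-shared-secret"  # constructed sample value
    # Constructed case: two servers behind NAT both see themselves as
    # [10.0.1.1] and issue a challenge with the same pid in the same second.
    a = msgid_challenge(1896, 1007377286, "[10.0.1.1]")
    b = msgid_challenge(1896, 1007377286, "[10.0.1.1]")
    return {
        # The host part adds nothing, so the two challenges are identical ...
        "msgid_repeats": a == b,
        # ... and a response to one is also a valid response to the other.
        "response_repeats": cram_md5_response("tim", secret, a)
        == cram_md5_response("tim", secret, b),
        # Random challenges do not depend on hostname, pid or clock.
        "random_repeats": random_challenge() == random_challenge(),
    }


if __name__ == "__main__":
    print(demo())
```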