A dignified burial for CRAM-MD5
Lyndon Nerenberg <lyndon@orthanc.ca> Thu, 19 February 2009 04:42 UTC
Return-Path: <owner-ietf-sasl@mail.imc.org>
X-Original-To: ietfarch-sasl-archive-Zoh8yoh9@core3.amsl.com
Delivered-To: ietfarch-sasl-archive-Zoh8yoh9@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id D9FE63A672F for <ietfarch-sasl-archive-Zoh8yoh9@core3.amsl.com>; Wed, 18 Feb 2009 20:42:22 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.468
X-Spam-Level:
X-Spam-Status: No, score=-1.468 tagged_above=-999 required=5 tests=[AWL=1.131, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id c2zoqynWlHak for <ietfarch-sasl-archive-Zoh8yoh9@core3.amsl.com>; Wed, 18 Feb 2009 20:42:22 -0800 (PST)
Received: from balder-227.proper.com (properopus-pt.tunnel.tserv3.fmt2.ipv6.he.net [IPv6:2001:470:1f04:392::2]) by core3.amsl.com (Postfix) with ESMTP id BF3013A6944 for <sasl-archive-Zoh8yoh9@ietf.org>; Wed, 18 Feb 2009 20:42:21 -0800 (PST)
Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.14.2/8.14.2) with ESMTP id n1J4ZwFu090289 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Wed, 18 Feb 2009 21:35:58 -0700 (MST) (envelope-from owner-ietf-sasl@mail.imc.org)
Received: (from majordom@localhost) by balder-227.proper.com (8.14.2/8.13.5/Submit) id n1J4ZwwE090288; Wed, 18 Feb 2009 21:35:58 -0700 (MST) (envelope-from owner-ietf-sasl@mail.imc.org)
X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-sasl@mail.imc.org using -f
Received: from orthanc.ca (orthanc.ca [208.86.224.138]) by balder-227.proper.com (8.14.2/8.14.2) with ESMTP id n1J4ZjGZ090280 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=FAIL) for <ietf-sasl@imc.org>; Wed, 18 Feb 2009 21:35:56 -0700 (MST) (envelope-from lyndon@orthanc.ca)
Received: from mm.wbb.net.cable.rogers.com (mm.wbb.net.cable.rogers.com [74.210.92.229]) (authenticated bits=0) by orthanc.ca (8.14.3/8.14.3) with ESMTP id n1J4Zgx4089999 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for <ietf-sasl@imc.org>; Wed, 18 Feb 2009 20:35:43 -0800 (PST) (envelope-from lyndon@orthanc.ca)
Date: Wed, 18 Feb 2009 20:35:36 -0800
From: Lyndon Nerenberg <lyndon@orthanc.ca>
To: ietf-sasl@imc.org
Subject: A dignified burial for CRAM-MD5
Message-ID: <alpine.BSF.2.00.0902182004000.4366@mm.orthanc.ca>
User-Agent: Alpine 2.00 (BSF 1167 2008-08-23)
Organization: The Frobozz Magic Homing Pigeon Company
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; format="flowed"; charset="US-ASCII"
Sender: owner-ietf-sasl@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-sasl/mail-archive/>
List-ID: <ietf-sasl.imc.org>
List-Unsubscribe: <mailto:ietf-sasl-request@imc.org?body=unsubscribe>
Folks, it has been nearly a decade since the first move towards re-stating CRAM-MD5 as a SASL mechanism. It's obvious now that this will never happen. It's also obvious that CRAM-MD5 has entrenched itself to the point where it's not going to go away any time soon (or late for that matter). The global base of interoperable deployments says we don't need to issue a formal update to the specification. Frankly, anything that fits inside two pages of text and works this well deserves to be left well enough alone. Since the SASL WG can't come to an agreement about the status of CRAM-MD5 -- other than it's adamantly opposed to its moving forward on the standards track -- I think it's time for the WG to drop CRAM-MD5 from the work list. It's currently not a formal SASL mechanism, so abandonment by the WG is a valid solution. This would leave RFC2195 in its present state, validating the existing CRAM-MD5 deployments. Beside that, I'm proposing to put together a new Informational RFC that documents the WGs concerns about the mechanism, and addresses the interoperability issues. (Kurt's draft has done much of this work already.) --lyndon
- A dignified burial for CRAM-MD5 Lyndon Nerenberg
- Re: A dignified burial for CRAM-MD5 Alexey Melnikov