Re: CRAM-MD5: syntax for challenge

"Kurt D. Zeilenga" <Kurt@OpenLDAP.org> Mon, 03 December 2001 04:03 UTC

Message-Id: <5.1.0.14.0.20011202195510.016d4e00@127.0.0.1>
Date: Sun, 02 Dec 2001 20:03:10 -0800
To: Lyndon Nerenberg <lyndon@atg.aciworldwide.com>
From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
Subject: Re: CRAM-MD5: syntax for challenge
Cc: ietf-sasl@imc.org
In-Reply-To: <200112030315.fB33FX5I031888@atg.aciworldwide.com>
List-Archive: <http://www.imc.org/ietf-sasl/mail-archive/>
List-ID: <ietf-sasl.imc.org>

At 07:15 PM 2001-12-02, Lyndon Nerenberg wrote:
>RFC2195 defines the challenge as having the syntax of a message-id,
>and gives some guidance for building the contents. I don't think
>the currently recommended scheme is as robust as it could be. Mobile
>clients configured via DHCP tend to re-use hostnames and IP addresses;
>this diminishes the uniqueness of the host part of the message-id.

It's the server's FQDN, so why does it matter that the client
is using DHCP or not?

>I'm leaning towards taking out the recommendation, and instead say the
>contents of the challenge must be a random sequence of printable
>characters. I would also like to impose a minimum length on the
>challenge.

I would suggest not mucking with it.

Kurt
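
The exchange under discussion, as an added example that is not part of the original message: the server builds a message-id-shaped challenge whose host part is its own FQDN, and the client answers with HMAC-MD5 over that challenge. The function names, the 16-byte random part and the loose syntax check are assumptions; the sample challenge, user and secret are the ones published in RFC 2195.

```python
import base64
import hashlib
import hmac
import re
import secrets
import time

# Loose message-id shape: <local-part@host>, no whitespace or nested brackets.
_MSGID = re.compile(r"<[^\s<>@]+@[A-Za-z0-9.-]+>")


def make_challenge(server_fqdn, nonce_bytes=16):
    """Server side: random part + timestamp + the server's own FQDN."""
    nonce = secrets.token_hex(nonce_bytes)  # 16 bytes is an assumed size
    return f"<{nonce}.{int(time.time())}@{server_fqdn}>"


def is_wellformed(challenge):
    return _MSGID.fullmatch(challenge) is not None


def _digest(secret, challenge):
    return hmac.new(secret.encode(), challenge.encode(), hashlib.md5).hexdigest()


def client_response(user, secret, challenge):
    """Client side: base64("user" SP hex(HMAC-MD5(secret, challenge)))."""
    return base64.b64encode(f"{user} {_digest(secret, challenge)}".encode()).decode()


def server_verify(response_b64, challenge, secrets_by_user):
    """Return the authenticated user name, or None on any failure."""
    try:
        decoded = base64.b64decode(response_b64, validate=True).decode("utf-8")
    except ValueError:
        return None
    user, _, digest = decoded.rpartition(" ")
    secret = secrets_by_user.get(user)
    if secret is None:
        return None
    expected = _digest(secret, challenge)
    return user if hmac.compare_digest(expected.encode(), digest.encode()) else None


# Sample exchange published in RFC 2195 (user "tim", secret "tanstaaftanstaaf").
RFC_CHALLENGE = "<1896.697170952@postoffice.reston.mci.net>"
RFC_RESPONSE = "dGltIGI5MTNhNjAyYzdlZGE3YTQ5NWI0ZTZlNzMzNGQzODkw"
```

A response computed for one challenge fails verification against any other, so replay resistance rests on the server never issuing the same challenge twice.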