CRAMing for last call

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Now that 2222bis is close to reality, I would like to push the final version of CRAM out as well. The two documents should be able to go through together, (I hope) making life easier for the RFC editor.

I have some non-substantive editorial changes that will make the document a bit easier to read, but these are not show stoppers. I think all of the last round of comments are addressed in the current draft. If not, I would like to hear from people, soon.

I would also like to solicit a few additional examples from anyone who has implemented CRAM in other than IMAP.

Finally, we need to address the issue of the MD5 "break." I have held off from commenting on this issue until the community has seen explicit evidence of the attack, and the implications of it. At this point, I don't know if the document deserves a writeup on the attack. Theory abounds, but I haven't yet seen a practical attack that works in the general case. We should at the least make mention of what has been discussed, and point to the literature, but I don't think the document deserves to discuss all the possible attacks. This doesn't mean to discourage anyone from contributing text to the Security Considerations section (please do).

The IMAP-EXT list has had recent discussion that points out the ambiguity of searching for the space (SP) separator (between the user id and the digest) as being the rightmost SP, so I will strengthen that text. Any other comments should come forth soon as I would like to run out the final draft at the end of next week (Oct. 8) if I can.

Cheers,

--lyndon (editor)

_______________________________________________

Ietf@xxxxxxxx
https://www1.ietf.org/mailman/listinfo/ietf

[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Mhonarc]     [Fedora Users]

  Powered by Linux