Harald has written a personal report from the IETF meeting.
You can read the whole report at:
I have copied the part that he wrote on security for your information below.
Security: The overarching concern
There is great concern about security, with excellent reason. One report
from MIT was that they estimated that aproximately
90% of the subnets had password sniffers running, up from 50% last summer -
not only are those who wish to challenge us for
control of our resources getting more numerous, they are also getting
With this in mind, it is hard to say what is more depressing: The lack of
functional standards for security, or our singular lack of
success in seeing deployment of the ones we have.
But things ARE improving; in new standards, cleartext passwords are no
longer used - a technique called "CRAM-MD5", a
challenge-response mechanism, is seeing increased usage, together with the
authentication method framework called "SASL".
And when securing a connection is needed, the big fights about
cryptoalgorithms have now resulted in a specification called
"TLS" (descendant of the "SSL" currently popular on the Web) allows one to
negotiate a secure connection without the need
for any license from any patent-owning organization.
The feedback from these developments has been somewhat mixed; changing
authentication infrastructures is real work, and
CRAM-MD5 is not immediately suitable for use with existing UNIX or NT
frameworks; it may, however, be that even these
seemingly immovable obstacles can be overcome, in order to achieve
interoperable security across open systems. If so, we
will have wrought well.
Principal Engineer - Advanced Printing Standards - Xerox Corporation
701 S. Aviation Blvd., El Segundo, CA, M/S: ESAE-231
Phone +1-310-333 8273, Fax +1-310-333 5514
Email: manros at cp10.es.xerox.com