I have forwarded a snippet from a discussion on the TLS DL about SASL.
People in the IPP group who have proposed using SASL, do you have any
comments?
Carl-Uno
-----Original Message-----
From: Matt Hur [mailto:matt.hur at CyberSafe.COM]
Sent: Friday, November 13, 1998 8:09 AM
To: IETF Transport Layer Security WG
Cc: IETF Transport Layer Security WG
Subject: Re: Last Call: Addition of Kerberos Cipher Suites to Transport
Layer Security (TLS) to Proposed Standard
--- big snip ----
Second of all, SASL is objectionable, and the security community has been
silent in this regard for far too long. I assume that SASL actually made
it to RFC only because it was not associated with a working group (much
less a security working group) and has not been subject to appropriate
scutiny. SASL specifies next to nothing and specification of SASL
mechanisms is ad hoc. I fail to see how SASL is "superior" in any way -
perhaps people from the security community could shed some light on this?.
--Matt