IPP> FW: Last Call: Addition of Kerberos Cipher Suites to Transport L ayer Security (TLS) to Proposed Standard

IPP> FW: Last Call: Addition of Kerberos Cipher Suites to Transport L ayer Security (TLS) to Proposed Standard

IPP> FW: Last Call: Addition of Kerberos Cipher Suites to Transport L ayer Security (TLS) to Proposed Standard

Manros, Carl-Uno B cmanros at cp10.es.xerox.com
Fri Nov 13 15:33:55 EST 1998


I have forwarded a snippet from a discussion on the TLS DL about SASL.

People in the IPP group who have proposed using SASL, do you have any
comments?

Carl-Uno

-----Original Message-----
From: Matt Hur [mailto:matt.hur at CyberSafe.COM] 
Sent: Friday, November 13, 1998 8:09 AM
To: IETF Transport Layer Security WG
Cc: IETF Transport Layer Security WG
Subject: Re: Last Call: Addition of Kerberos Cipher Suites to Transport
Layer Security (TLS) to Proposed Standard


--- big snip ----

Second of all, SASL is objectionable, and the security community has been
silent in this regard for far too long.  I assume that SASL actually made
it to RFC only because it was not associated with a working group (much
less a security working group) and has not been subject to appropriate
scutiny.  SASL specifies next to nothing and specification of SASL
mechanisms is ad hoc.  I fail to see how SASL is "superior" in any way -
perhaps people from the security community could shed some light on this?.


--Matt




More information about the Ipp mailing list