
List:       dents-list
Subject:    Re: ctlfac authntication
From:       will () mindspring ! net
Date:       1998-12-16 1:19:15

Todd Graham Lewis <tlewis@mindspring.net> writes:

> > POP-style authentication is fairly straight-forward. I'm 80% finished
> > with the cleartext version. The hard part, it seems to me, is RSA
> > negotiation.
> 
> Why are you doing RSA negotiation in a cleartext version?


The sentences were distinct. The cleartext version works with a few
small bugs I will fix over the weekend. I figured on using that as a
jumping off point for an encrypted version, with cleartext being
turned on or off at runtime.

> If you're going to support encryption, you should implement support for
> the GSSAPI.  A hand-rolled RSA-based access method is contrary to the
> intent of the IESG on this matter, and such patches are not welcome.
> We will use GSSAPI to access underlying security systems.

I think we should offer both. I recognise the advantages of Kerberos,
but it's not universal. Moreover, setting up Kerberos is a non-trivial
task, at best. I find it interesting that glib was rejected in part
because it required a separate library, but nothing is said of the
troubles of GSS.

I understand, and support the need for GSS, but I don't think it
should be the only encrypted authentication option.

Will
