ietf-nntp Re: WG Review: Simple Authentication and Security Layer (sasl)
Jeffrey M. Vinocur
jeff at litech.org
Fri Dec 20 16:53:21 UTC 2002
On Fri, 20 Dec 2002, Rob Siemborski wrote:
> Additionally, since both the DSS SASL mechanism and TLS require the
> expense of a public key operation to set up, and once the overhead of that
> is done with the continued expense of encrypting the traffic isn't that
> high,
Uh, you understand the volume of traffic that many clients are pulling,
right? I don't pay attention to the binary-newsgroup world myself, so I
don't have any figures (other people feel free to chime in), but I promise
it dwarfs any authentication setup step.
> I am also of the opinion that this is a special-case requirement, and
> shouldn't hold up the draft,
That probably is true; we don't lose anything by having an
implementation that only helps some people.
> I suspect that if a new mechanism is desired, then it will need to
> be developed by those who want it (this group).
Hmm, query: what happens if another SASL negotiation is started on a
connection that's currently within TLS? That is, could we essentially do
"AUTHINFO SASL NONE" after the authentication step is complete, and drop
the security layer?
--
Jeffrey M. Vinocur
jeff at litech.org