ietf-nntp Re: WG Review: Simple Authentication and Security Layer (sasl)

Jeffrey M. Vinocur jeff at litech.org
Fri Dec 20 16:53:21 UTC 2002


On Fri, 20 Dec 2002, Rob Siemborski wrote:

> Additionally, since both the DSS SASL mechanism and TLS require the
> expense of a public key operation to set up, and once the overhead of that
> is done with the continued expense of encrypting the traffic isn't that
> high, 

Uh, you understand the volume of traffic that many clients are pulling, 
right?  I don't pay attention to the binary-newsgroup world myself, so I 
don't have any figures (other people feel free to chime in), but I promise 
it dwarfs any authentication setup step.


> I am also of the opinion that this is a special-case requirement, and
> shouldn't hold up the draft, 

That probably is true; we don't lose anything by having an 
implementation that only helps some people.


> I suspect that if a new mechanism is desired, then it will need to
> be developed by those who want it (this group).

Hmm, query:  what happens if another SASL negotiation is started on a 
connection that's currently within TLS?  That is, could we essentially do 
"AUTHINFO SASL NONE" after the authentication step is complete, and drop 
the security layer?


-- 
Jeffrey M. Vinocur
jeff at litech.org


