ietf-nntp Re: WG Review: Simple Authentication and Security Layer (sasl)

Jeffrey M. Vinocur jeff at
Fri Dec 20 16:53:21 UTC 2002

On Fri, 20 Dec 2002, Rob Siemborski wrote:

> Additionally, since both the DSS SASL mechanism and TLS require the
> expense of a public key operation to setup, and once the overhead of that
> is done with the continued expense of encrypting the traffic isn't that
> high, 

Uh, you understand the volume of traffic that many clients are pulling, 
right?  I don't pay attention to the binary-newsgroup world myself, so I 
don't have any figured (other people feel free to chime in), but I promise 
it dwarfs any authentication setup step.

> I am also of the opinion that this is a special-case requirement, and
> shouldn't hold up the draft, 

That probably is true; we don't lose anything by having an 
implementation that only helps some people.

> I suspect that if a new mechanism is desired, than it will need to
> be developed by those who want it (this group).

Hmm, query:  what happens if another SASL negotiation is started on a 
connection that's currently within TLS?  That is, could we essentially do 
"AUTHINFO SASL NONE" after the authentication step is complete, and drop 
the security layer?

Jeffrey M. Vinocur
jeff at

More information about the inn-workers mailing list