I have forwarded a snippet from a discussion on the TLS DL about SASL.
People in the IPP group who have proposed using SASL, do you have any
comments?
Carl-Uno
-----Original Message-----
From: Matt Hur [mailto:matt.hur at CyberSafe.COM]
Sent: Friday, November 13, 1998 8:09 AM
To: IETF Transport Layer Security WG
Cc: IETF Transport Layer Security WG
Subject: Re: Last Call: Addition of Kerberos Cipher Suites to Transport
Layer Security (TLS) to Proposed Standard
--- big snip ----
Second of all, SASL is objectionable, and the security community has been
silent in this regard for far too long. I assume that SASL actually made
it to RFC only because it was not associated with a working group (much
less a security working group) and has not been subject to appropriate
scutiny. SASL specifies next to nothing and specification of SASL
mechanisms is ad hoc. I fail to see how SASL is "superior" in any way -
perhaps people from the security community could shed some light on this?.
--Matt
Our website uses cookies on your device to give you the best user experience. By using our website, you agree to the placement of these cookies. To learn more, read our privacy policy. Read Privacy Policy