On 6/27/06, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
I doubt it will be possible to use exactly the same methods for HTTP, XMPP, SMTP and IMAP. The latter three (XMPP, SMTP and IMAP) are session based, and might require authentication/authorization only once during a session. HTTP is stateless (at least in general), so some thought needs to be given to extending the auth across multiple requests. A method for HTTP will need to consider potential performance issues, replay protection, and possible tie-in with other available session state (such as a TLS channel), among other things. The others can generally get away with a one-time verification step per session. It may be possible to share portions of the mechanism. In fact, TLS/SSL with client authentication supports all 4 protocols. However it seems to be rejected because of other issues: PKI lifecycles, physical portability of the key, trust management, etc.
Assuming TLS is all about X.509 is completely missing the point. TLS supports several other authentication mechanisms, such as pre-shared secrets or Kerberos. There's nothing to stop us defining some new ones if we need them.
Terry Hayes
AOL LLC

-----Original Message-----
From: [EMAIL PROTECTED]
To: [email protected]
Cc: [EMAIL PROTECTED]
Sent: Tue, 27 Jun 2006 9:57 AM
Subject: [Ietf-http-auth] Re: [dix] BOF plans (Was: Notes on Web authentication enhancements)

Ben Laurie wrote:
>>
>> - Does the mechanism use or extend currently deployed web
>> authentication mechanisms (client side and server side)? If not, why
>> not?
>
> No - because if you use web authentication, then it will not work for
> protocols that are not HTTP based - XMPP and IMAP are obvious examples
> that spring to mind.

I'm not sure I'd go so far as No, but the mechanism or an analog must be easily ported to other application protocols such as XMPP, SMTP, or IMAP. I would think an existence proof of 2 (one being HTTP; the other being IMAP) would be a very useful thing for any WG.

Eliot
_______________________________________________
Ietf-http-auth mailing list
[EMAIL PROTECTED]
http://lists.osafoundation.org/cgi-bin/mailman/listinfo/ietf-http-auth
_______________________________________________
dix mailing list
[email protected]
https://www1.ietf.org/mailman/listinfo/dix
