Only comment I remember in the BOF itself was EKR pointing out that the underlying aim of SASL is essentially broken, I guess that also applies to GSSAPI. Options in crypto specs are usually bad.
A distinction needs to be made between the authentication mechanism and the authentication protocol. Given an authentication mechanism such as a password, a public key, a biometric there should ideally be one protocol that supports that mechanism. Having six different algorithms to support password exchange is broken. Six different protocols is worse. The point of a standards process is not what you put into the spec, its what you leave out. > -----Original Message----- > From: Nicolas Williams [mailto:[EMAIL PROTECTED] > Sent: Tuesday, July 18, 2006 8:58 AM > To: Digital Identity Exchange > Subject: Re: [dix] DRAFT: WAE BOF minutes > > On Sat, Jul 15, 2006 at 08:23:46PM +0200, Eliot Lear wrote: > > Throughout the entire BoF there was a side conversation of > SASL v. GSS. > > Mostly in the jabber room though... > > _______________________________________________ > dix mailing list > [email protected] > https://www1.ietf.org/mailman/listinfo/dix > > _______________________________________________ dix mailing list [email protected] https://www1.ietf.org/mailman/listinfo/dix
