"Kurt D. Zeilenga" <Kurt(_at_)OpenLDAP(_dot_)org> writes:
It is my recommendation that the mandatory-to-implement
"strong" authentication mechanism for this protocol be either:
DIGEST-MD5 (with a mandate that implementations
support its data security layers)
TLS+PLAIN (with a recommendation that PLAIN not
be used when TLS is not in use).
I don't think recommending the DIGEST-MD5 security layers is a good
idea.
The integrity layer is hard coded to be HMAC-MD5, with keys derived
using a home-grown key-derivation function based on MD5.
Of the privacy layers, only des and 3des were mandatory to implement
in RFC 2831, and both ciphers were dropped in RFC 2831bis, presumable
because they were never implemented correctly nor successfully
deployed.
Either situation alone should be enough to avoid recommending its use
for IETF protocols, in my opinion.
I believe the code complexity cost of DIGEST-MD5 generally outweigh
the small advantages that DIGEST-MD5 may have, for the majority of
users. This is why, in my perception, DIGEST-MD5 hasn't "taken off".
The lack of cryptographic analysis and cryptographic flexibility
doesn't improve the situation.
TLS+PLAIN seem like a fine recommendation, though.
Cheers,
Simon
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf