Plaintext Password SASL Mechanism for Transitioning
draft-newman-sasl-plaintrans-04
| Document | Type | Expired Internet-Draft (individual) | |
|---|---|---|---|
| Author | Chris Newman | ||
| Last updated | 1997-11-13 | ||
| Stream | (None) | ||
| Intended RFC status | (None) | ||
| Formats |
Expired & archived
plain text
htmlized
pdfized
bibtex
|
||
| Stream | Stream state | (No stream defined) | |
| Consensus boilerplate | Unknown | ||
| RFC Editor Note | (None) | ||
| IESG | IESG state | Expired | |
| Telechat date | (None) | ||
| Responsible AD | (None) | ||
| Send notices to | (None) |
https://www.ietf.org/archive/id/draft-newman-sasl-plaintrans-04.txt
Abstract
Unencrypted plaintext passwords are the biggest single risk to Internet application protocol security. Unfortunately, they are widely deployed, often tightly integrated into operating system services and very difficult to replace in an interoperable fashion. This specification discusses some methods which can be used to eliminate unencrypted plaintext passwords. It also defines a SASL mechanism [SASL] which may be used by newer protocols such as ACAP [ACAP] to transition away from a legacy authentication database.
Authors
(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)