Looking for WG input: Password based method requirements
Simon Josefsson
simon at josefsson.org
Thu Mar 29 15:16:57 CEST 2007
Hi! I have not been following the EMU WG closely, but I noticed that
you are working on password-based authentication. I'm gauging
interest in an effort to do a password-based protocol that supports
both GSS-API and SASL, see:
http://www.ietf.org/internet-drafts/draft-josefsson-password-auth-00.txt
http://yxa.extundo.com/pipermail/password-auth/2007-March/000000.html
http://josefsson.org/password-auth/
One idea that occurred to me was to make this a triple
GSS-API/SASL/EAP mechanism. I don't know whether it is feasible.
Some of the requirements you mentioned may argue otherwise (e.g.,
supporting transmission of password). However, the document might
change to accommodate new ideas. One thing that is required is
someone with more EAP involvement than me to help make sure it works
fine for EAP.
Consider this a cross-WG fertilization plea. :)
Comments appreciated,
Simon
More information about the Password-auth
mailing list