RFC2222bis

Upload: nigel-chapman

Post on 17-Dec-2015


Page 1: RFC2222bis. Summary Rfc2222bis-13 to be submitted tomorrow Addresses substantive issues Addresses editorial/nits Recommend WGLC upon announcement

RFC2222bis

Page 2: Summary

• Rfc2222bis-13 to be submitted tomorrow

• Addresses substantive issues

• Addresses editorial/nits

• Recommend WGLC upon announcement

Page 3: Authentication Outcome (Section 3.6)

• Add: “The outcome message provided by the server can provide a way for the client to distinguish between errors which are best dealt with by re-prompting the user for her credentials, errors which are best dealt with by telling the user to try again later, and errors where the user must contact a system administrator for resolution (see The SYS and AUTH POP Response Codes [RFC3206] specification for an example). This distinction is particularly useful during scheduled server maintenance periods as it reduces support costs. It is also important that the server can be configured such that the outcome message will not distinguish between a valid user with invalid credentials and an invalid user.”
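As an added illustration of the Section 3.6 text above (example code, not from the draft or these slides), the following Python sketch maps a server's internal authentication result to a POP3-style outcome line using the RFC 3206 SYS/TEMP, SYS/PERM and AUTH response codes, with a configurable switch that collapses "unknown user" and "wrong password" into one identical message, plus the matching client-side classification into the three user actions the slide names. The AuthResult names and the message texts are assumptions.

```python
from enum import Enum


class AuthResult(Enum):
    """Internal outcome of credential verification (names constructed for this example)."""
    OK = "ok"
    UNKNOWN_USER = "unknown_user"
    BAD_PASSWORD = "bad_password"
    MAINTENANCE = "maintenance"        # scheduled downtime: user should try again later
    ACCOUNT_LOCKED = "account_locked"  # needs an administrator to resolve


def outcome_line(result: AuthResult, hide_user_existence: bool = True) -> str:
    """Render the server's outcome as a POP3 status line carrying an RFC 3206 code.

    hide_user_existence=True makes UNKNOWN_USER and BAD_PASSWORD indistinguishable
    on the wire, so the outcome does not reveal which accounts exist.
    """
    if result is AuthResult.OK:
        return "+OK Maildrop locked and ready"
    if result is AuthResult.MAINTENANCE:
        # Temporary system condition: client should tell the user to retry later.
        return "-ERR [SYS/TEMP] Server under scheduled maintenance, try again later"
    if result is AuthResult.ACCOUNT_LOCKED:
        # Permanent system condition: retrying will not help, contact an administrator.
        return "-ERR [SYS/PERM] Account disabled, contact your administrator"
    if result is AuthResult.UNKNOWN_USER and not hide_user_existence:
        return "-ERR [AUTH] No such user"
    # BAD_PASSWORD, and UNKNOWN_USER when hidden, collapse to one generic credential error.
    return "-ERR [AUTH] Invalid login"


def client_action(line: str) -> str:
    """Classify a server outcome line into the user-facing action the slide describes."""
    if line.startswith("+OK"):
        return "proceed"
    if "[SYS/TEMP]" in line:
        return "retry later"
    if "[SYS/PERM]" in line:
        return "contact administrator"
    if "[AUTH]" in line:
        return "re-prompt for credentials"
    return "unknown error"  # no response code present: fall back to generic handling
```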

Page 4: Empty Server Challenge Requirement

• Retroactively declares current DIGEST-MD5 mechanism invalid.

• Forces server-first mechanisms with a fast re-connect feature to either add an extra empty round-trip or use two mechanisms.

• A SASL implementor who coded according to the requirement cannot interoperate with the SMTP LOGIN installed base.

Page 5: With Requirement

C: AUTH DIGEST-MD5 <initial-resp>
S: OK <server-success-data>

C: AUTH DIGEST-MD5
S: <MUST-be-empty>
C: <empty-no-initial-resp>
S: <server-challenge>
C: <response>
S: OK <server-success-data>

(incompatible change to DIGEST-MD5 spec)

Page 6: Without Requirement

C: AUTH DIGEST-MD5 <initial-resp-reconn>
S: OK <success-data>

C: AUTH DIGEST-MD5
S: <server-challenge>
C: <response>
S: OK <success-data>

(DIGEST-MD5 spec as documented)

Page 7: Workaround

C: AUTH DIGEST-MD5-RECON <initial-resp>
S: OK <success-data>

C: AUTH DIGEST-MD5
S: <server-challenge>
C: <response>
S: OK <success-data>

Page 8: SMTP LOGIN

Netscape Variant:
C: AUTH LOGIN <username>
S: <arbitrary-server-challenge>
C: <password>
S: OK

Microsoft Variant:
C: AUTH LOGIN
S: “Username:”
C: <username>
S: “Password:”
C: <password>
S: OK

(non-standard, undocumented)

Page 9: Mech downgrade detection

• Upon detection, SHOULD close connection.

Page 10: Security Considerations

• Separate discussion of:

• Downgrade attacks

• Hijack attacks

• Challenge/response modification -> denied access / retries (retries expose additional ciphertext)

Page 11: IANA Considerations

• Registration of family of mechanisms